WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

Home

xen-devel

[Top] [All Lists]

Re: [Xen-devel] I/O port access permission

from [Keir Fraser]

[Permanent Link][Original]

To:	"Jan Beulich" <jbeulich@xxxxxxxxxx>
Subject:	Re: [Xen-devel] I/O port access permission
From:	Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Date:	Tue, 1 Aug 2006 16:37:44 +0100
Cc:	xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date:	Tue, 01 Aug 2006 08:38:40 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<44CF8922.76E4.0078.0@xxxxxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References:	<44CF8922.76E4.0078.0@xxxxxxxxxx>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx


On 1 Aug 2006, at 16:02, Jan Beulich wrote:

Isn't it inconsistent (and perhaps to be considered a security hole)
that construct_dom0() specifically revokes access for a small group of
ports, but DOM0_IOPORT_PERMISSION blindly grants access to any ports
(including the 'special' ones) and any domain?

Thanks, Jan

The intention was sane start-of-day settings, not absolute security. Wecould add an 'absolutely no access' rangeset but it's not clear it'sworth it.


 -- Keir


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-devel] I/O port access permission, Jan Beulich Re: [Xen-devel] I/O port access permission, Keir Fraser <=

Previous by Date:	Re: [Xen-devel] What's the purpose of VM_FOREIGN, Andrew Warfield
Next by Date:	Re: [Xen-devel] [PATCH 0/6] xen,xend,tools: Add NUMA support to Xen, Ryan Harper
Previous by Thread:	[Xen-devel] I/O port access permission, Jan Beulich
Next by Thread:	[Xen-devel] Daily Xen Builds, David F Barrera
Indexes:	[Date] [Thread] [Top] [All Lists]

This site is hosted by Citrix