WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-devel

Re: [Xen-devel] [PATCH 1/3] Add support for OpenBSD

To: Anil Madhavapeddy <anil@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH 1/3] Add support for OpenBSD
From: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Date: Wed, 18 Oct 2006 17:39:31 +0100
Cc: Christoph Egger <Christoph.Egger@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx
On 18/10/06 17:34, "Anil Madhavapeddy" <anil@xxxxxxxxxxxxx> wrote:

>> We have that already in arch/x86/Rules.mk. If that was working, I doubt
>> Christoph would have gone to the trouble of hacking up the SSP goop.
>> 
> 
> That flag definitely works.
> 
> I think Christoph wanted to get stack protection working, as all the
> other OpenBSD bits (kernel/userland) use it.  There isn't much to it
> beyond adding the stack smash handler, and the stack frame format
> changes a bit...

I don't think stack-smashing attacks are a worrying vulnerability for Xen.
We don't do much variable-sized buffer manipulation, strcpy, and so on. I'd
much rather see someone put some effort into something more likely to be
useful (albeit undoubtedly more work!) like randomised attacks on the
hypercall interfaces.

 -- Keir


