WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] [XSM] Potential security vulnerability and inconsistency in

from [Tan, Lin] [Permanent Link][Original]
To: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] [XSM] Potential security vulnerability and inconsistency in evtchn_close
From: "Tan, Lin" <lintan2@xxxxxxxx>
Date: Sun, 17 Feb 2008 12:04:22 -0600
Accept-language: en-US
Acceptlanguage: en-US
Delivery-date: Sun, 17 Feb 2008 10:04:38 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: Achxj4Y3A9B64wJDQdSqfRXw0ecbLA==
Thread-topic: [Xen-devel] [XSM] Potential security vulnerability and inconsistency in evtchn_close 
Hi All,

I found that evtchn_close() is not checked for authorization by xsm hooks in 
some cases.

There is no xsm permission check before evtchn_close() called in 
do_event_channel_op() as shown below. I imagine, maybe there is no need to 
check if one can close itself, but it is probably still good to add a xsm hook 
inside evtchn_close() in case we decide to expand evtchn_close() to close other 
domains later.

In addition, almost all other functions such as evtchn_send() and 
evtchn_status() put their xsm hooks inside themselves, it would be more 
consistent to add a xsm_evtchn_close() hook in evtchn_close(). What do you 
think? Thanks.

818   long do_event_channel_op(int cmd, XEN_GUEST_HANDLE(void) arg) {
...
874     case EVTCHNOP_close: {
875         struct evtchn_close close;
876         if ( copy_from_guest(&close, arg, 1) != 0 )
877             return -EFAULT;
878         rc = evtchn_close(&close);
879         break;
...
}

Thanks,
Lin

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-devel] [XSM] Potential security vulnerability and inconsistency in evtchn_close, Tan, Lin <=
Previous by Date:  [Xen-devel] Windows PV 0.6.5 crashing, Randy McAnally
Next by Date:  [Xen-devel] Sharing Memory between userspace of dom0 and userspace of domU, Kareem Dana
Previous by Thread:  [Xen-devel] Windows PV 0.6.5 crashing, Randy McAnally
Next by Thread:  [Xen-devel] Sharing Memory between userspace of dom0 and userspace of domU, Kareem Dana
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy