WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [PATCH] QEMU "drive_init()" Disk Format Security Bypass

from [Markus Armbruster] [Permanent Link][Original]
To: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH] QEMU "drive_init()" Disk Format Security Bypass
From: Markus Armbruster <armbru@xxxxxxxxxx>
Date: Fri, 30 May 2008 11:00:02 +0200
Cc: Eren Türkay <turkay.eren@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 30 May 2008 02:00:36 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <18473.52451.967004.377867@xxxxxxxxxxxxxxxxxxxxxxxx> (Ian Jackson's message of "Tue\, 13 May 2008 18\:16\:19 +0100")
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <200805081800.24064.turkay.eren@xxxxxxxxx> <18467.12572.126574.502777@xxxxxxxxxxxxxxxxxxxxxxxx> <20080508171255.GA31908@xxxxxxxxxx> <18467.13858.203078.97403@xxxxxxxxxxxxxxxxxxxxxxxx> <20080508172304.GB31908@xxxxxxxxxx> <18467.14318.921215.768838@xxxxxxxxxxxxxxxxxxxxxxxx> <20080508173023.GC31908@xxxxxxxxxx> <18468.29633.937355.26121@xxxxxxxxxxxxxxxxxxxxxxxx> <18473.52451.967004.377867@xxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.1 (gnu/linux) 
I'm looking at xen-unstable cset 17606 and 17646.  If I understand
your patches correctly, you attack the security problem in two places:

(1) make format probing never return raw, and

(2) provide means to specify the format explicitly, bypassing probing.

You put (2) in xenstore_parse_domain_config().  I can see how that
works for block devices defined in the domain configuration.  But what
about USB disks?  I created a guest with the following settings:

    usb = 1
    usbdevice = "disk:/var/lib/xen/images/usbkey.img"

This duly started qemu with arguments

    -usb -usbdevice disk:/var/lib/xen/images/usbkey.img

The -usbdevice argument is ultimately processed by usb_device_add(),
which calls usb_msd_init() to do the real work.  I think we get (1),
but not (2) there, i.e. your change breaks raw format USB disks.

Monitor command "usb_add" also runs usb_device_add(), so it should
have the same problem.

I suspect monitor command "change" has the same problem, too.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] Re: [bisected] Re: [PATCH 05 of 12] xen: add p2m mfn_list_list, Jeremy Fitzhardinge
Next by Date:  Re: [Xen-devel] is it possible to build two privileged domain at boot time?, Derek Murray
Previous by Thread:  Re: [Xen-devel] [PATCH] QEMU "drive_init()" Disk Format Security Bypass, Ian Jackson
Next by Thread:  Re: [Xen-devel] [PATCH] QEMU "drive_init()" Disk Format Security Bypass, Ian Jackson
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy