xen-devel

Re: [Xen-devel] [PATCH] QEMU "drive_init()" Disk Format Security Bypass

To: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH] QEMU "drive_init()" Disk Format Security Bypass
From: Markus Armbruster <armbru@xxxxxxxxxx>
Date: Fri, 30 May 2008 11:00:02 +0200
Cc: Eren Türkay <turkay.eren@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx
In-reply-to: <18473.52451.967004.377867@xxxxxxxxxxxxxxxxxxxxxxxx> (Ian Jackson's message of "Tue, 13 May 2008 18:16:19 +0100")
I'm looking at xen-unstable cset 17606 and 17646.  If I understand
your patches correctly, you attack the security problem in two places:

(1) make format probing never return raw, and

(2) provide means to specify the format explicitly, bypassing probing.

You put (2) in xenstore_parse_domain_config().  I can see how that
works for block devices defined in the domain configuration.  But what
about USB disks?  I created a guest with the following settings:

    usb = 1
    usbdevice = "disk:/var/lib/xen/images/usbkey.img"

This duly started qemu with arguments

    -usb -usbdevice disk:/var/lib/xen/images/usbkey.img

The -usbdevice argument is ultimately processed by usb_device_add(),
which calls usb_msd_init() to do the real work.  I think we get (1),
but not (2) there, i.e. your change breaks raw format USB disks.

Monitor command "usb_add" also runs usb_device_add(), so it should
have the same problem.

I suspect monitor command "change" has the same problem, too.

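
The two measures discussed in the message above, as a simplified model added here for illustration; it is not QEMU or Xen code and not part of the original message. All function names, the enum, and the sample headers are hypothetical or constructed; only the qcow magic bytes are real.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum img_fmt { FMT_NONE = 0, FMT_RAW, FMT_QCOW };

/* Measure (1): probing matches known magics and never answers "raw". */
static enum img_fmt probe_format(const unsigned char *hdr, size_t len)
{
    static const unsigned char qcow_magic[4] = { 'Q', 'F', 'I', 0xfb };
    if (len >= 4 && memcmp(hdr, qcow_magic, 4) == 0)
        return FMT_QCOW;
    return FMT_NONE;   /* unrecognised content is refused, not assumed raw */
}

/* Measure (2): an explicit format bypasses probing entirely.
 * Returns the format the image is opened as, or FMT_NONE if refused. */
enum img_fmt open_image(const unsigned char *hdr, size_t len,
                        enum img_fmt explicit_fmt)
{
    if (explicit_fmt != FMT_NONE)
        return explicit_fmt;   /* guest-writable bytes are never consulted */
    return probe_format(hdr, len);
}

/* Block device from the domain configuration: the format is passed down. */
enum img_fmt open_config_disk(const unsigned char *hdr, size_t len,
                              enum img_fmt configured)
{
    return open_image(hdr, len, configured);
}

/* USB disk path as described in the message: no format reaches the open. */
enum img_fmt open_usb_disk(const unsigned char *hdr, size_t len)
{
    return open_image(hdr, len, FMT_NONE);
}

/* Constructed headers: a plain raw image, and a raw image whose first
 * bytes happen to carry the qcow magic. */
static const unsigned char plain_raw[8] = { 0xeb, 0x3c, 0x90, 'M', 'S', 'D', 'O', 'S' };
static const unsigned char qcow_like[8] = { 'Q', 'F', 'I', 0xfb, 0, 0, 0, 2 };

int main(void)
{
    printf("config, raw declared, plain:     %d\n", open_config_disk(plain_raw, 8, FMT_RAW));
    printf("config, raw declared, qcow-like: %d\n", open_config_disk(qcow_like, 8, FMT_RAW));
    printf("usb, plain raw:                  %d\n", open_usb_disk(plain_raw, 8));
    printf("usb, qcow-like:                  %d\n", open_usb_disk(qcow_like, 8));
    return 0;
}
```

In this model a declared format always wins over image content, while the path that cannot declare one refuses a plain raw image and lets content decide otherwise.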