|
|
|
|
|
|
|
|
|
|
xen-devel
Re: [Xen-devel] [PATCH] xenstored: allow guests to reintroduce themselve
On 08/09/2011 11:14 AM, Keir Fraser wrote:
On 09/08/2011 11:08, "Vincent Hanquez"<vincent.hanquez@xxxxxxxxxxxxx>
wrote:
xenstored: allow guests to reintroduce themselves
During kexec all old watches have to be removed, otherwise the new
kernel will receive unexpected events. Allow a guest to introduce itself
and cleanup all of its watches.
What about security wise ?
Guest userspace suddenly becomes able to do this operation (and DoS themself)
where they used to be limited to normal read/write/.. operations.
Guest userspace can already DoS the guest if it has access to xenstore, by
messing with xenbus I/O connections, for example.
How so ?
It seems we validate userspace packets (at least on linux) before actually
putting them on the ring.
--
Vincent
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
|
|
|
|