Re: [Xen-devel] problem of the permissions system in xenstore

To:	Max Zhen <Max.Zhen@xxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject:	Re: [Xen-devel] problem of the permissions system in xenstore
From:	Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Date:	Wed, 01 Nov 2006 11:03:32 +0000
Delivery-date:	Thu, 02 Nov 2006 13:38:43 -0800
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<454877BE.2040204@xxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index:	Acb9pV5KnL9F/GmYEduzowAX8io7RQ==
Thread-topic:	[Xen-devel] problem of the permissions system in xenstore
User-agent:	Microsoft-Entourage/11.2.5.060620

On 1/11/06 10:32, "Max Zhen" <Max.Zhen@xxxxxxx> wrote:

> Is it a bug that a domU has no read permission to a path while has read
> permission to a path under it?

No that is valid, but the xenstored code is also quite anal about letting
untrusted clients know about presence/absence of nodes in subtrees for which
it has no access permissions. This case is obviously a bug -- a watch should
fire when a watched node disappears, even if the watcher cannot tell the
difference between that and the node being inaccessible.

I presume you have already tracked this down in xenstored. Can you make a
patch?

 -- Keir

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

WARNING - OLD ARCHIVES

xen-devel

Re: [Xen-devel] problem of the permissions system in xenstore