WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

Home

xen-devel

[Top] [All Lists]

Re: [Xen-devel] [PATCH] tools: add XS_RESTRICT operation to C xenstore c

from [Ian Jackson]

[Permanent Link][Original]

To:	Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Subject:	Re: [Xen-devel] [PATCH] tools: add XS_RESTRICT operation to C xenstore client libs.
From:	Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Date:	Fri, 2 Jul 2010 17:50:35 +0100
Cc:	xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date:	Fri, 02 Jul 2010 09:51:39 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to:	<20100702124458.GK31695@xxxxxxxxxxxxxxxxxxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Newsgroups:	chiark.mail.xen.devel
References:	<20100702124458.GK31695@xxxxxxxxxxxxxxxxxxxxxxx>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

Tim Deegan writes ("[Xen-devel] [PATCH] tools: add XS_RESTRICT operation to C 
xenstore client libs."):
> The OCaml xenstored supports the XS_RESTRICT operation, which
> deprivileges a dom0 xenstore connection so it can only affect one
> domain's entries.   Add the relevant definitions to the C libraries 
> so that callers can use it. 

Can you explain what this is for, please ?  If it's for security
against a hostile caller, what prevents the caller from simply opening
another xenstore connection ?

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-devel] [PATCH] tools: add XS_RESTRICT operation to C xenstore client libs., Tim Deegan Re: [Xen-devel] [PATCH] tools: add XS_RESTRICT operation to C xenstore client libs., Ian Jackson <= Re: [Xen-devel] [PATCH] tools: add XS_RESTRICT operation to C xenstore client libs., Keir Fraser

Previous by Date:	RE: [Xen-devel] Multi-vcpu HVM Linux domain hanging during boot, Dan Magenheimer
Next by Date:	Re: [Xen-devel] State of gdbsx in xen-4.0-testing.hg and debugger documentation., Ian Jackson
Previous by Thread:	[Xen-devel] [PATCH] tools: add XS_RESTRICT operation to C xenstore client libs., Tim Deegan
Next by Thread:	Re: [Xen-devel] [PATCH] tools: add XS_RESTRICT operation to C xenstore client libs., Keir Fraser
Indexes:	[Date] [Thread] [Top] [All Lists]

This site is hosted by Citrix