xen-devel
Re: [Xen-devel] [PATCH] xenstored: allow guests to reintroduce themselve
On 09/08/2011 11:50, "Vincent Hanquez" <vincent.hanquez@xxxxxxxxxxxxx>
wrote:
> On 08/09/2011 11:14 AM, Keir Fraser wrote:
>> On 09/08/2011 11:08, "Vincent Hanquez"<vincent.hanquez@xxxxxxxxxxxxx>
>> wrote:
>>
>>>> xenstored: allow guests to reintroduce themselves
>>>>
>>>> During kexec all old watches have to be removed, otherwise the new
>>>> kernel will receive unexpected events. Allow a guest to introduce itself
>>>> and clean up all of its watches.
>>>
>>> What about security-wise?
>>>
>>> Guest userspace suddenly becomes able to do this operation (and DoS
>>> themselves)
>>> where they used to be limited to normal read/write/.. operations.
>>
>> Guest userspace can already DoS the guest if it has access to xenstore, by
>> messing with xenbus I/O connections, for example.
>
> How so?
> It seems we validate userspace packets (at least on Linux) before actually
> putting them on the ring.
I don't believe we filter which nodes can be written by userspace. So it can
just mess with things like the frontend connection state node for
block/network connections, or whatever. Be imaginative -- there's no doubt
lots of scope for screwing up xenbus connections by fooling around with the
frontend state. If userspace connections to xenbus were not trusted, we'd
need a lot more filtering than we have.
-- Keir
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel