WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-ia64-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-ia64-devel] [PATCH] Fix security vulnerability

from [Kouya Shimura] [Permanent Link][Original]
To: Isaku Yamahata <yamahata@xxxxxxxxxxxxx>
Subject: Re: [Xen-ia64-devel] [PATCH] Fix security vulnerability
From: Kouya Shimura <kouya@xxxxxxxxxxxxxx>
Date: Tue, 15 Jan 2008 16:47:16 +0900
Cc: xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Mon, 14 Jan 2008 23:47:33 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <20080115070549.GF8301%yamahata@xxxxxxxxxxxxx>
List-help: <mailto:xen-ia64-devel-request@lists.xensource.com?subject=help>
List-id: Discussion of the ia64 port of Xen <xen-ia64-devel.lists.xensource.com>
List-post: <mailto:xen-ia64-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-ia64-devel>, <mailto:xen-ia64-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-ia64-devel>, <mailto:xen-ia64-devel-request@lists.xensource.com?subject=unsubscribe>
References: <7kd4s3a8ch.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxx> <20080115070549.GF8301%yamahata@xxxxxxxxxxxxx>
Sender: xen-ia64-devel-bounces@xxxxxxxxxxxxxxxxxxx 
Isaku Yamahata writes:
> On Tue, Jan 15, 2008 at 03:52:45PM +0900, Kouya Shimura wrote:
> > DomU can map any other domain's memory.
> 
> What about add_io_space and un/expose_foreign_p2m?

I'm not sure they are breakable.
At first, I wrote the following patch. But domU never boot.
(do_dom0vp_op() is not only for dom0...)
Why don't you fix them?

===============================
unsigned long
do_dom0vp_op(unsigned long cmd,
             unsigned long arg0, unsigned long arg1, unsigned long arg2,
             unsigned long arg3)
{
    unsigned long ret = 0;
    struct domain *d = current->domain;

+   if ( !IS_PRIV(d) )
+       return -EPERM;
    switch (cmd) {
    case IA64_DOM0VP_ioremap:
===============================

Thanks,
Kouya

_______________________________________________
Xen-ia64-devel mailing list
Xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-ia64-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-ia64-devel] [PATCH] Fix security vulnerability, Isaku Yamahata
Next by Date:  [Xen-devel] Please pull ia64/xen-unstable.hg, Alex Williamson
Previous by Thread:  Re: [Xen-ia64-devel] [PATCH] Fix security vulnerability, Isaku Yamahata
Next by Thread:  [Xen-devel] Please pull ia64/xen-unstable.hg, Alex Williamson
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy