
Re: [Xen-devel] [PATCH 1/3] Add support for OpenBSD

On Wednesday, 18 October 2006 at 17:39, Keir Fraser wrote:
> On 18/10/06 17:34, "Anil Madhavapeddy" <anil@xxxxxxxxxxxxx> wrote:
> >> We have that already in arch/x86/Rules.mk. If that was working, I doubt
> >> Christoph would have gone to the trouble of hacking up the SSP goop.
> >> 
> > 
> > That flag definitely works.
> > 
> > I think Christoph wanted to get stack protection working, as all the
> > other OpenBSD bits (kernel/userland) use it.  There isn't much to it
> > beyond adding the stack smash handler, and the stack frame format
> > changes a bit...
> I don't think stack-smashing attacks are a worrying vulnerability for Xen.
> We don't do much variable-sized buffer manipulation, strcpy, and so on. I'd
> much rather see someone put some effort into something more likely to be
> useful (albeit undoubtedly more work!) like randomised attacks on the
> hypercall interfaces.

I built something to do that for a course project a few months ago -
basically a kernel module to pass along completely unchecked
hypercalls, generated by a Python script with a few hooks to filter
out those that it knew Xen would catch anyway. It even managed to
crash Xen periodically, but I never quite finished the piece that was
supposed to reproduce crashes after they happened. I guess I should
clean it up and post it somewhere...

Xen-devel mailing list


