[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration



On Tue, Sep 30, 2008 at 05:35:37PM +0100, John Levon wrote:
> Why isn't xenstored refusing writes/deletes from domid != 0 for these ?
> Isn't this a much better fix?

We have to manage races and such, and prevent deletion up to the
parent nodes, too - Was not sure this was wanted/easy to do, or
clean as you mention

> BTW, the ability to change the name or whatever also seems suspect,
> though most likely less serious.

Untrusted user input coming into dom0 surely leads to bad things. 
"name" is stored into /vm too, I guess this one is used by tools ?

Most sensitive information in xend can be moved replacing calls to
read/storeDom with calls to read/storeVm.

-- 
\o/   Pascal Bouchareine - Gandi 
 g    0170393757           15, place de la Nation - 75011 Paris      

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.