[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Xen-devel] [PATCH] xenstored: allow guests to reintroduce themselves
- To: Vincent Hanquez <vincent.hanquez@xxxxxxxxxxxxx>
- From: Keir Fraser <keir@xxxxxxx>
- Date: Tue, 09 Aug 2011 12:31:22 +0100
- Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
- Delivery-date: Tue, 09 Aug 2011 04:32:14 -0700
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=sender:user-agent:date:subject:from:to:cc:message-id:thread-topic :thread-index:in-reply-to:mime-version:content-type :content-transfer-encoding; bh=owA4uSS+tV/02BDa/vY5d5PvKWeT0mNMWkpEKq7RqtU=; b=wr85TUmdu6OR8GOwyHVDyV/w2aLB04FOWoqrTIT7TPk5oSc35amobOQB9oppCTXz7x h6/gGw7/KQC/mzejnR5KvBxcPLKLEM8B0vWCbZNPKL7EPM5Zq3T07gaZ1aaYfqDeYJZV q49TyFmX2TVgqM9c1zB8rmK0rzVWf9BOYK9lQ=
- List-id: Xen developer discussion <xen-devel.lists.xensource.com>
- Thread-index: AcxWh91IYsrVxd8VSUaffPGbhHebRA==
- Thread-topic: [Xen-devel] [PATCH] xenstored: allow guests to reintroduce themselves
On 09/08/2011 12:18, "Vincent Hanquez" <vincent.hanquez@xxxxxxxxxxxxx>
wrote:
> On 08/09/2011 12:00 PM, Keir Fraser wrote:
>> If userspace connections to xenbus were not trusted, we'd
>> need a lot more filtering than we have.
>
> I don't think people that are using it in guest userspace (quite liberally)
> have necessarily realized this.
Well, you do need to be root (at least by default) to access the xenstore
device, and there are myriad other ways for a root process to break the
guest. Admittedly you could start as root and then deprivilege yourself, in
which case the xenstore conenction would be an ongoing point of excess
privilege.
Do you have any examples of projects which could run with much lesser
privilege, and very constrained xenstore access, if a suitably controlled
xenstore interface was provided?
-- Keir
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel