
Re: [Xense-devel] [PATCH] ACM: adding get_ssid command and cleanup


  • To: Reiner Sailer <sailer@xxxxxxxxxx>
  • From: David Palmer <dwpalmer.xense@xxxxxxxxx>
  • Date: Fri, 2 Sep 2005 11:41:28 -0700
  • Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, Stefan Berger <stefanb@xxxxxxxxxx>, xense-devel@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Fri, 02 Sep 2005 18:39:16 +0000
  • List-id: "A discussion list for those developing security enhancements for Xen." <xense-devel.lists.xensource.com>

Reiner,

I've looked over the code.  As input, it takes either an SSID or a DomainID.  If given a DomainID, it looks up the domain's SSID.  It then returns two arrays of 0's and 1's.  One array is a row from the STE-Type matrix and the other is a row from the ChWall-Type matrix corresponding to the given SSID.

My question then: What constitutes a legitimate use vs. a clear abuse of this information?

For example, let's say I create a domain that manages a resource.  When another domain connects, the resource domain checks for a specific type using get_ssid() on the subject's DomainID and indexes one of the arrays with the type number.  If the type is set, then it provides the "Privileged" interface with the other domain.  If it is not set, then it provides the "Unprivileged" interface with the domain.  Is this legitimate or an abuse of the function?  Why or why not?

Dave

On 9/1/05, Reiner Sailer <sailer@xxxxxxxxxx> wrote:

This patch:

* adds a get_ssid ACM command that allows privileged domains to retrieve types for either a given ssid reference or a given domain id (of a running domain); this command can be used to extend access control into device domains, e.g., to control network traffic currently moving through Domain 0 uncontrolled by the ACM policy

* adds a script getlabel.sh that allows users inside Dom0 to retrieve the label for a given ssid reference or a given domain id (multiple labels might map onto a single ssid reference)

* cleans up label-related code in tools/security by merging common functions into labelfuncs.sh

* cleans up ACM code related to above changes (eventually approximating a common coding style)

Comments welcome.

Thanks
Reiner

Signed-off-by: Reiner Sailer <sailer@xxxxxxxxxx>

Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
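The lookup Dave describes above (resolve a DomainID to its ssid reference, return one row of the STE type matrix and one row of the ChWall type matrix, then index a row by type number to pick an interface) modelled in C as an added example. This is not Xen ACM code and not part of either message: the row width ACM_MAX_TYPES, the ssidref and domain-to-ssid tables, and the names acm_get_ssid, acm_get_ssid_status and select_interface are all constructed for illustration and do not reproduce the real hypercall interface.

```c
/* Model of the get_ssid lookup discussed in the thread (added example, not
 * Xen ACM code). Type width, ssidrefs, domain IDs and the policy rows are
 * constructed sample data, not taken from any real policy. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define ACM_MAX_TYPES   8        /* assumed width of each type row */
#define ACM_NUM_SSIDS   3
#define ACM_NUM_DOMAINS 16

/* Result of a lookup: one row of the STE type matrix and one row of the
 * ChWall type matrix, each an array of 0/1 flags indexed by type number. */
struct ssid_types {
    uint32_t ssidref;
    uint8_t  ste_types[ACM_MAX_TYPES];
    uint8_t  chwall_types[ACM_MAX_TYPES];
};

/* Constructed policy: ssidref -> matrix rows. Row 0 carries no types. */
static const uint8_t ste_matrix[ACM_NUM_SSIDS][ACM_MAX_TYPES] = {
    {0,0,0,0,0,0,0,0},
    {1,0,0,0,0,0,0,0},   /* ssidref 1: STE type 0 only */
    {1,1,0,0,0,0,0,0},   /* ssidref 2: STE types 0 and 1 */
};
static const uint8_t chwall_matrix[ACM_NUM_SSIDS][ACM_MAX_TYPES] = {
    {0,0,0,0,0,0,0,0},
    {0,1,0,0,0,0,0,0},   /* ssidref 1: ChWall type 1 */
    {1,0,0,0,0,0,0,0},   /* ssidref 2: ChWall type 0 */
};

/* Constructed domain-id -> ssidref table; -1 means no such running domain. */
static const int domain_ssid[ACM_NUM_DOMAINS] = {
    2, 1, 1, 2, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1
};

enum { GET_BY_SSIDREF = 0, GET_BY_DOMAINID = 1 };

/* Returns 0 on success, -1 for an invalid ssidref, -2 for an unknown domain. */
int acm_get_ssid(int how, uint32_t id, struct ssid_types *out)
{
    int ssidref;
    if (how == GET_BY_DOMAINID) {
        if (id >= ACM_NUM_DOMAINS || domain_ssid[id] < 0)
            return -2;
        ssidref = domain_ssid[id];          /* domain -> ssid reference */
    } else {
        ssidref = (int)id;                  /* caller supplied the ssidref */
    }
    if (ssidref < 0 || ssidref >= ACM_NUM_SSIDS)
        return -1;
    out->ssidref = (uint32_t)ssidref;
    memcpy(out->ste_types,    ste_matrix[ssidref],    ACM_MAX_TYPES);
    memcpy(out->chwall_types, chwall_matrix[ssidref], ACM_MAX_TYPES);
    return 0;
}

/* Wrapper for callers that only need the status code of a lookup. */
int acm_get_ssid_status(int how, uint32_t id)
{
    struct ssid_types t;
    return acm_get_ssid(how, id, &t);
}

/* The resource-domain check from Dave's scenario: look up the connecting
 * domain's types and select an interface by testing one STE type bit.
 * Returns 1 for "Privileged", 0 for "Unprivileged", -1 if the lookup failed.
 * A failed lookup deliberately does not fall through to "Privileged". */
int select_interface(uint32_t domid, unsigned privileged_type)
{
    struct ssid_types t;
    if (privileged_type >= ACM_MAX_TYPES)
        return -1;
    if (acm_get_ssid(GET_BY_DOMAINID, domid, &t) != 0)
        return -1;
    return t.ste_types[privileged_type] ? 1 : 0;
}

int main(void)
{
    /* Domain 0 maps to ssidref 2 (STE types 0 and 1); domain 1 to ssidref 1. */
    printf("dom0, type 1: %d\n", select_interface(0, 1));   /* 1 */
    printf("dom1, type 1: %d\n", select_interface(1, 1));   /* 0 */
    printf("dom4 (not running): %d\n", select_interface(4, 1)); /* -1 */
    printf("bad ssidref: %d\n", acm_get_ssid_status(GET_BY_SSIDREF, 7)); /* -1 */
    return 0;
}
```

The point of the check in select_interface is that the returned row says only which types the subject's ssid carries; it says nothing about what the policy permits between the two domains, which is why the lookup failure path returns an explicit error rather than defaulting to either interface.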




_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel