|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] possible pciback security issue
>>> Keir Fraser <Keir.Fraser@xxxxxxxxxxxx> 04.05.06 15:06 >>> > >On 4 May 2006, at 13:57, Jan Beulich wrote: > >> Having looked more closely into what would be needed to enable MSI >> support I stumbled across a simple question: If a >> domU is granted access to an MSI-capable device, it could maliciously >> or erroneously enable MSI on that device and >> program an arbitrary vector to be delivered, or even force the message >> address and/or value to something that might make >> the system misbehave/crash. >> It would seem to me that filtering only a few header fields is >> insufficient from a security point of view, not only >> from the perspective of MSI. While this may severely limit >> functionality, I think by default only read access must be >> granted to any fields/bits of unknown meaning (namely everything >> outside the header). > >That *is* the default. Oh, sorry, I missed the permissive flag. Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |