Re: [Xen-devel] [RFC] libxc: Add trusted decompressors

On Wed, Feb 27, 2013 at 12:44 PM, Bastian Blank <waldi@xxxxxxxxxx> wrote:
>> I'm not sure "trusted" is quite the right term though, these aren't
>> really any more trustworthy than the library supplied ones -- they are
>> just more suitable for a mini-os environment.
> I used the term "trusted" because it should not be fed with untrusted
> input. So it should not be used in the normal libxenguest. In the case
> of pv-grub, all input is trusted as it runs in the same security domain.

So it's not the decompressors you trust, but the data that you trust?

"Trusted decompressors" definitely means that the decompressors
themselves are more trustworthy somehow; "trusting decompressors"
would be a more accurate description. ;-)

What I'm afraid of is that if people see "trusted decompressors", they
will interpret it in exactly the opposite way -- i.e., they will
think that the decompressors can be trusted to deal with untrusted
data, perhaps because they do input sanitisation or are designed to be
robust against malformed data.

Maybe change the comment to say "Add decompressors for trusted data
based on hypervisor code", and a brief comment to each file describing
what "trusted" means?


Xen-devel mailing list