[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] libxl: set permissions for xs frontend entry pointing to xs backend
On Tue, 2013-09-10 at 17:03 +0200, Roger Pau Monnà wrote: > On 10/09/13 17:02, Ian Campbell wrote: > > On Tue, 2013-09-10 at 16:54 +0200, Roger Pau Monne wrote: > >> libxl doesn't currently set the permissions of entries like: > >> > >> /local/domain/<domid>/device/<dev_type>/<devid>/backend > >> > >> This allows the guest to change this xenstore entries to point to a > >> different backend path, or to malicious xenstore path forged by the > >> guest itself. libxl currently relies on this path being valid in order > >> to perform the unplug of devices in libxl__devices_destroy, so we > >> should prevent the guest from modifying this xenstore entry. > >> > >> This patch sets the permisions of said path to be the same as a > >> backend xenstore entry (owned by the toolstack domain, readable by the > >> guest). > > > > and just to confirm: despite having r/w access to the containing > > directory, the guest cannot remove this node and recreate it? > > No, it can't (I've tried it): > > root@debian:~# xenstore-rm /local/domain/54/device/vbd/51712/backend > xenstore-rm: could not remove path /local/domain/54/device/vbd/51712/backend Perfect. Thanks! I think when I come to commit I will append to the changelog: The xenstore permissions model does not allow domains to remove directories which they do not own, despite having read/write access to the containing directory. Ian _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |