Re: [Xen-devel] [PATCH] libxl: set permissions for xs frontend entry pointing to xs backend
Roger Pau Monne writes ("[PATCH] libxl: set permissions for xs frontend entry
pointing to xs backend"):
> libxl doesn't currently set the permissions of entries like:
>
> /local/domain/<domid>/device/<dev_type>/<devid>/backend
>
> This allows the guest to change these xenstore entries to point to a
> different backend path, or to a malicious xenstore path forged by the
> guest itself. libxl currently relies on this path being valid in order
> to perform the unplug of devices in libxl__devices_destroy, so we
> should prevent the guest from modifying this xenstore entry.

Is it sufficient to set the permissions on "backend" - does that
prevent the guest deleting the whole subtree?

Really it would be better to make the unplug not depend on this path.

This is a security issue, so CCing security@. It appears to have
been discovered in public on xen-devel, so shouldn't be embargoed.

Ian.
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
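
An added example, not part of the thread and not libxl code: a host-side audit that flags frontend `backend` entries the guest itself can write, or whose value does not point into a backend domain's `backend/` tree for that guest and device. The `path = "value"   (perms)` line format (as printed by a permission-aware xenstore listing), the backend path layout and the sample listing are assumptions constructed for illustration.

```python
import re

# Assumed listing line: /path = "value"   (n0,r1); first perm entry = owner + default access
LINE = re.compile(r'^(?P<path>/\S+) = "(?P<value>.*)"\s+\((?P<perms>[nrwb]\d+(?:,[nrwb]\d+)*)\)$')
FRONTEND = re.compile(r'^/local/domain/(\d+)/device/([^/]+)/([^/]+)/backend$')
# Assumed backend layout: /local/domain/<backend domid>/backend/<kind>/<guest domid>/<devid>
BACKEND = re.compile(r'^/local/domain/(\d+)/backend/([^/]+)/(\d+)/([^/]+)$')

# Constructed sample listing (not taken from a real host)
SAMPLE = """\
/local/domain/1/device/vbd/51712/backend = "/local/domain/0/backend/vbd/1/51712"   (n0,r1)
/local/domain/2/device/vif/0/backend = "/local/domain/0/backend/vif/2/0"   (n2,r0)
/local/domain/3/device/vbd/51712/backend = "/local/domain/3/data/fake/3/51712"   (n3,r0)
/local/domain/1/device/vbd/51712/state = "4"   (n1,r0)
"""

def guest_can_write(perms, domid):
    """True if domain `domid` may write a node carrying this permission list."""
    entries = [(p[0], int(p[1:])) for p in perms.split(",")]
    default, owner = entries[0]
    if owner == domid:
        return True                      # the owner always has full access
    for access, dom in entries[1:]:
        if dom == domid:
            return access in "wb"        # explicit entry for this domain
    return default in "wb"               # fall back to the default access

def audit(listing):
    """Return (path, reason) findings for every frontend 'backend' entry."""
    findings = []
    for raw in listing.splitlines():
        m = LINE.match(raw.strip())
        fe = FRONTEND.match(m["path"]) if m else None
        if not fe:
            continue
        domid, devid = int(fe[1]), fe[3]
        if guest_can_write(m["perms"], domid):
            findings.append((m["path"], "guest-writable"))
        be = BACKEND.match(m["value"])
        # The target must sit in another domain's backend tree for this guest/device
        if not be or int(be[1]) == domid or (int(be[3]), be[4]) != (domid, devid):
            findings.append((m["path"], "unexpected-target"))
    return findings

if __name__ == "__main__":
    for path, reason in audit(SAMPLE):
        print(reason, path)
```
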