Re: [Xen-devel] [PATCH] libxl: set permissions for xs frontend entry pointing to xs backend
On 10/09/13 17:12, Ian Jackson wrote:
> Roger Pau Monne writes ("[PATCH] libxl: set permissions for xs frontend entry
> pointing to xs backend"):
>> libxl doesn't currently set the permissions of entries like:
>>
>> /local/domain/<domid>/device/<dev_type>/<devid>/backend
>>
>> This allows the guest to change these xenstore entries to point to a
>> different backend path, or to a malicious xenstore path forged by the
>> guest itself. libxl currently relies on this path being valid in order
>> to perform the unplug of devices in libxl__devices_destroy, so we
>> should prevent the guest from modifying this xenstore entry.
>
> Is it sufficient to set the permissions on "backend" - does that
> prevent the guest deleting the whole subtree?

No, the guest can still delete the whole subtree, but it cannot recreate
it (because the parent directory
/local/domain/<domid>/device/<dev_type>/ is not writeable by the guest).

> Really it would be better to make the unplug not depend on this path.
>
> This is a security issue, so CCing security@. It appears to have
> been discovered in public on xen-devel, so shouldn't be embargoed.
>
> Ian.
>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
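Added example, not part of the original thread or of libxl: a toy Python model of the permission behaviour described in the reply above (a protected "backend" entry cannot be rewritten by the guest; the subtree can still be removed but not recreated). It assumes xenstored checks write access only on the node being removed, and on the parent when a node is created; the domids, paths and `Store` class are constructed for illustration.

```python
# Toy model of xenstore node permissions; domids and paths are constructed.
DOM0, GUEST = 0, 5
DEV = "/local/domain/5/device/vbd"           # parent: guest may only read
FRONT = DEV + "/51712"                       # frontend dir: owned by guest
BACKEND = FRONT + "/backend"                 # entry the patch protects
TARGET = "/local/domain/0/backend/vbd/5/51712"

class Store:
    def __init__(self):
        self.nodes = {}                      # path -> [owner, acl, value]

    def put(self, path, owner, acl=None, value=""):
        self.nodes[path] = [owner, dict(acl or {}), value]

    def writable(self, domid, path):
        owner, acl, _ = self.nodes[path]
        # Assumed rule: dom0 and the owner always pass; others need w or b.
        return domid in (DOM0, owner) or acl.get(domid, "n") in ("w", "b")

    def write(self, domid, path, value):
        if path in self.nodes:               # overwrite: write access on node
            if not self.writable(domid, path):
                return False
            self.nodes[path][2] = value
            return True
        parent = path.rsplit("/", 1)[0]      # create: write access on parent
        if parent not in self.nodes or not self.writable(domid, parent):
            return False
        self.put(path, domid, value=value)   # creator owns the new node
        return True

    def rm(self, domid, path):
        # Assumed rule: only the removed node is checked, not its children.
        if path not in self.nodes or not self.writable(domid, path):
            return False
        for p in [p for p in self.nodes if p == path or p.startswith(path + "/")]:
            del self.nodes[p]
        return True

def build(protect_backend):
    s = Store()
    s.put(DEV, DOM0, {GUEST: "r"})
    s.put(FRONT, GUEST)
    if protect_backend:
        s.put(BACKEND, DOM0, {GUEST: "r"}, TARGET)   # read-only for the guest
    else:
        s.put(BACKEND, GUEST, value=TARGET)          # unprotected: guest-owned
    return s
```

In this model, toolstack code that reads "backend" after the guest has removed the subtree finds no entry at all, which is the case Ian's remark about not depending on this path addresses.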