[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] libxl: set permissions for xs frontend entry pointing to xs backend

To: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
Date: Tue, 10 Sep 2013 17:19:27 +0200
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Ian Campbell <ian.campbell@xxxxxxxxxx>, security@xxxxxxx
Delivery-date: Tue, 10 Sep 2013 15:19:40 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 10/09/13 17:12, Ian Jackson wrote:
> Roger Pau Monne writes ("[PATCH] libxl: set permissions for xs frontend entry 
> pointing to xs backend"):
>> libxl doesn't currently set the permissions of entries like:
>>
>> /local/domain/<domid>/device/<dev_type>/<devid>/backend
>>
>> This allows the guest to change this xenstore entries to point to a
>> different backend path, or to malicious xenstore path forged by the
>> guest itself. libxl currently relies on this path being valid in order
>> to perform the unplug of devices in libxl__devices_destroy, so we
>> should prevent the guest from modifying this xenstore entry.
> 
> Is it sufficient to set the permissions on "backend" - does that
> prevent the guest deleting the whole subtree ?

No, the guest can still delete the whole subtree, but it can not
recreate it (because the parent directory
/local/domain/<domid>/device/<dev_type>/ is not writeable by the guest).

> Really it would be better to make the unplug not depend on this path.
> 
> This is a security issue, so CCing security@.  It appears to have
> been discovered in public on xen-devel, so shouldn't be embargoed.
> 
> Ian.
> 


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH] libxl: set permissions for xs frontend entry pointing to xs backend
  - From: Ian Campbell

References:
- Re: [Xen-devel] [PATCH 1/2] libxl: correctly list disks served by driver domains in block-list
  - From: Ian Campbell
- [Xen-devel] [PATCH] libxl: set permissions for xs frontend entry pointing to xs backend
  - From: Roger Pau Monne
- Re: [Xen-devel] [PATCH] libxl: set permissions for xs frontend entry pointing to xs backend
  - From: Ian Jackson

Prev by Date: [Xen-devel] [PATCH v1 04/13] x86/VPMU: Minor VPMU cleanup
Next by Date: [Xen-devel] [PATCH v1 03/13] x86/PMU: Stop AMD counters when called from vpmu_save_force()
Previous by thread: Re: [Xen-devel] [PATCH] libxl: set permissions for xs frontend entry pointing to xs backend
Next by thread: Re: [Xen-devel] [PATCH] libxl: set permissions for xs frontend entry pointing to xs backend
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.