
Re: [Xen-devel] [PATCH] libxl: set permissions for xs frontend entry pointing to xs backend



On Tue, 2013-09-10 at 17:19 +0200, Roger Pau Monné wrote:
> On 10/09/13 17:12, Ian Jackson wrote:
> > Roger Pau Monne writes ("[PATCH] libxl: set permissions for xs frontend 
> > entry pointing to xs backend"):
> >> libxl doesn't currently set the permissions of entries like:
> >>
> >> /local/domain/<domid>/device/<dev_type>/<devid>/backend
> >>
> >> This allows the guest to change these xenstore entries to point to a
> >> different backend path, or to a malicious xenstore path forged by the
> >> guest itself. libxl currently relies on this path being valid in order
> >> to perform the unplug of devices in libxl__devices_destroy, so we
> >> should prevent the guest from modifying this xenstore entry.
> > 
> > Is it sufficient to set the permissions on "backend" - does that
> > prevent the guest deleting the whole subtree ?
> 
> No, the guest can still delete the whole subtree,

That's surprising given that it can't delete the backend node itself. It
relies on there not being two consecutive guest-owned nodes in a path,
otherwise it can delete the subtree of the second and recreate using the
permissions on the first. Bit of a bear trap that one!
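
An added example, not part of the thread or of libxl: a small audit that flags frontend `backend` entries the owning guest can still write. The sample lines are constructed and their layout (modelled on `xenstore-ls -f -p` output) is an assumption, as is the ACL reading used here: the first entry names the owner and the default access for unlisted domains. It checks only the `backend` node itself, not the parent-directory ownership discussed above.

```python
import re

# Constructed sample; line layout is an assumption modelled on `xenstore-ls -f -p`:
#   <path> = "<value>"   (<owner entry>,<extra entries>...)
SAMPLE = '''\
/local/domain/1/device/vbd/51712 = ""   (n1,r0)
/local/domain/1/device/vbd/51712/backend = "/local/domain/0/backend/vbd/1/51712"   (n1,r0)
/local/domain/2/device/vif/0 = ""   (n2,r0)
/local/domain/2/device/vif/0/backend = "/local/domain/0/backend/vif/2/0"   (n0,r2)
'''

LINE = re.compile(
    r'^(?P<path>/\S*) = "(?P<val>.*)"[\s.]*'
    r'\((?P<perms>[nrwb]\d+(?:,[nrwb]\d+)*)\)\s*$')
# The entry named in the patch description:
#   /local/domain/<domid>/device/<dev_type>/<devid>/backend
BACKEND = re.compile(r'^/local/domain/(\d+)/device/[^/]+/[^/]+/backend$')

def parse(text):
    """Return {path: (value, [(letter, domid), ...])} for well-formed lines."""
    nodes = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            perms = [(p[0], int(p[1:])) for p in m['perms'].split(',')]
            nodes[m['path']] = (m['val'], perms)
    return nodes

def can_write(perms, domid):
    """Owner always has write access; otherwise an explicit entry for the
    domain wins, else the owner entry's letter is the default."""
    (default, owner), extra = perms[0], perms[1:]
    if domid == owner:
        return True
    for letter, d in extra:
        if d == domid:
            return letter in 'wb'
    return default in 'wb'

def audit(text):
    """List (path, value) for each frontend 'backend' node its guest can modify."""
    findings = []
    for path, (val, perms) in sorted(parse(text).items()):
        m = BACKEND.match(path)
        if m and can_write(perms, int(m[1])):
            findings.append((path, val))
    return findings

if __name__ == '__main__':
    for path, val in audit(SAMPLE):
        print(f'guest-writable: {path} -> {val}')
```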



