Re: [Xen-devel] Xen Security Advisory 99 - unexpected pitfall in xenaccess API

(dropping announce lists)

On Tue, 2014-06-17 at 06:50 -0700, Andres Lagar Cavilla wrote:

> The helper would have been thrown off balance, and failed to audit
> something at worst. Maybe this means a security problem down the line
> for that helper toolchain, but outside the purview of the hypervisor.

The purpose of this advisory was to provide a heads up to the authors of
those toolchains so that they could check for such issues in their code.

I think you need to reread the advisory, especially the IMPACT and
VULNERABLE SYSTEMS sections, which I think make it pretty clear that the
issue is 3rd party consumers of the xenaccess API which may have
inadvertently implemented vulnerable code by following the example.

> I see how helpers may be thrown totally off balance. I see self-DoS,
> but still do not see privilege escalation happening.

We don't know what people have implemented using these mechanisms. Are
you so confident that you can completely rule it out for 100% of those
use cases?

The right thing for us to do was to warn people, so that is what we have

