[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xen Security Advisory 99 - unexpected pitfall in xenaccess API



On Tue, Jun 17, 2014 at 6:57 AM, Ian Campbell <Ian.Campbell@xxxxxxxxxx> wrote:
(dropping announce lists)

On Tue, 2014-06-17 at 06:50 -0700, Andres Lagar Cavilla wrote:

> The helper would have been thrown off balance, and failed to audit
> something at worst. Maybe this means a security problem down the line
> for that helper toolchain, but outside the purview of the hypervisor.

The purpose of this advisory was to provide a heads up to the authors of
those toolchains so that they could check for such issues in their code.

I think you need to reread the advisory, especially the IMPACT and
VULNERABLE SYSTEMS sections, which I think make it pretty clear that the
issue is 3rd party consumers of the xenaccess API which may have
inadvertently implemented vulnerable code by following the example.
And in the end the small window is fixed by the patch, so there is a degree of futility to my persistence.

> I see how helpers may be thrown totally off balance. I see self-DoS,
> but still do not see privilege escalation happening.

We don't know what people have implemented using these mechanisms. Are
you so confident that you can completely rule it out for 100% of those
use cases?
Never 100% of course.Â

The right thing for us to do was to warn people, so that is what we have
done.
Fair enough.

Thanks
Andres

Ian.


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.