Re: [Xen-devel] [PATCH v3] xen/tools: Introduce QNX IFS loader
Hi Ian
On Tue, Sep 23, 2014 at 8:00 PM, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> wrote:
> Ian Campbell writes ("Re: [Xen-devel] [PATCH v3] xen/tools: Introduce QNX IFS
> loader"):
>> On Tue, 2014-09-23 at 17:19 +0100, Ian Jackson wrote:
>> > These would all have been security bugs if the v3 patch had been
>> > accepted. They would have been bugs that would potentially amount to
>> > privilege escalation for very many Xen installations.
>>
>> Well, those booting untrusted QNX guests on ARM, which won't be many
>> yet, but point taken...
>
> No. The loader would run whenever it seems the appropriate image
> type, so everyone with it compiled in is vulnerable.
>
> Admittedly you are right that this is only ARM users.
>
>> > I think we should be considering whether to take an approach similar
>> > to that taken in libelf after XSA-55. The code can probably be
>> > reused.
>>
>> I think something like that would be good, but would be a much bigger
>> yak than we can reasonably ask to be shaved here, since it would need
>> to transition the core xc_dom builder code and all of the loaders for
>> both ARM and x86.
>>
>> And it's certainly not 4.5 material at this point.
>
> In that case this code needs a very thorough review process.
>
> I suggest the following approach: the submitters conduct a very
> serious and thorough security review. When they are happy that they
> have a bug-free submission, they send it with at least an ack from a
> colleague.
>
> I will then review it in detail looking for security bugs. If I find
> even one the whole patch will be rejected for 4.5 and we will look at
> the more substantial approach for post-4.5.
>
> This may sound harsh, but security review of this kind of code is very
> difficult work and not particularly reliable at finding bugs. A
> system where the patch is simply resubmitted, after fixing those bugs
> found by the first security review, will probably result in
> undiscovered bugs being accepted.
>
> Ian.
Thank you for your comment. I got it.
--
Oleksandr Tyshchenko | Embedded Dev
GlobalLogic
www.globallogic.com