
Re: [Xen-devel] [PATCH v3] xen/tools: Introduce QNX IFS loader



Hi Ian

On Tue, Sep 23, 2014 at 8:00 PM, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> wrote:
> Ian Campbell writes ("Re: [Xen-devel] [PATCH v3] xen/tools: Introduce QNX IFS loader"):
>> On Tue, 2014-09-23 at 17:19 +0100, Ian Jackson wrote:
>> > These would all have been security bugs if the v3 patch had been
>> > accepted.  They would have been bugs that would potentially amount to
>> > privilege escalation for very many Xen installations.
>>
>> Well, those booting untrusted QNX guests on ARM, which won't be many
>> yet, but point taken...
>
> No.  The loader would run whenever it seems the appropriate image
> type, so everyone with it compiled in is vulnerable.
>
> Admittedly you are right that this is only ARM users.
>
>> > I think we should be considering whether to take an approach similar
>> > to that taken in libelf after XSA-55.  The code can probably be
>> > reused.
>>
>> I think something like that would be good, but would be a much bigger
>> yak than we can reasonably ask to be shaved here, since it would need
>> to transition the core xc_dom builder code and all of the loaders for
>> both ARM and x86.
>>
>> And it's certainly not 4.5 material at this point.
>
> In that case this code needs a very thorough review process.
>
> I suggest the following approach: the submitters conduct a very
> serious and thorough security review.  When they are happy that they
> have a bug-free submission, they send it with at least an ack from a
> colleague.
>
> I will then review it in detail looking for security bugs.  If I find
> even one the whole patch will be rejected for 4.5 and we will look at
> the more substantial approach for post-4.5.
>
> This may sound harsh, but security review of this kind of code is very
> difficult work and not particularly reliable at finding bugs.  A
> system where the patch is simply resubmitted, after fixing those bugs
> found by the first security review, will probably result in
> undiscovered bugs being accepted.
>
> Ian.

Thank you for your comment. I got it.

-- 

Oleksandr Tyshchenko | Embedded Dev
GlobalLogic
www.globallogic.com
