Re: [Xen-devel] [PATCH] xsm/flask: improve unknown permission handling

On 04/12/14 11:12, George Dunlap wrote:
> On 12/04/2014 10:37 AM, David Vrabel wrote:
>> On 03/12/14 18:42, Andrew Cooper wrote:
>>>
>>> XSA-37 was only an XSA because the rules at the time were unclear as
>>> to whether it was an issue or not. At the same time, the rules were
>>> clarified to state that issues in a debug build only are not security
>>> issues.
>>
>> Given that we occasionally ask our customers to run debug versions of
>> Xen to diagnose particular problems I think this policy should change
>> (if not by the Xen project security team, then at least internally).
>
> Well given that debug builds *already*, by design, crash on a lot of
> things that don't crash in production, then you are already increasing
> their risk of a host crash just by giving them that build. If
> increasing the risk of a host crash isn't acceptable, then you should
> stop giving them debug builds.

I disagree. ASSERTs will cause Xen to fail more /predictably/. A bug
that would trigger an ASSERT will most likely cause a less predictable
failure later on in a non-debug Xen.

> Alternately, maybe we can add an option either at compile time or at
> boot time for ASSERTs not to crash for your situation.

Making ASSERT not crash doesn't help (see above).

> But the fact that we have ASSERTs at all means that we *expect* debug
> builds to crash. If that's not what we want we need to get rid of the
> ASSERTs entirely.

????

David

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel