[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Backport request "libxl: In libxl_set_vcpuonline check for maximum number of VCPUs against the cpumap." (Was: Re: [Bug report] Security issue in "xl vcpu-set")



Luwei Cheng writes ("Re: Backport request "libxl: In libxl_set_vcpuonline check 
for maximum number of VCPUs against the cpumap." (Was: Re: [Bug report] 
Security issue in "xl vcpu-set")"):
> Some third-part management tools might be built directly above xl.
> Perhaps they can not rely on "Ctrl-C"..

In general callers of libxl will not be built to raise SIGINT.  For
example, if libvirt called this function in a way that triggers the
bug, there wouldn't be any reasonable way to recover control.

I'm afraid I'm still not clear about when the failure can be triggered
by an attacker.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.