[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v1] Add build-id to XENVER hypercall.



On 09/10/15 09:17, Jan Beulich wrote:
>>>> On 09.10.15 at 04:56, <konrad.wilk@xxxxxxxxxx> wrote:
>> However they also change the behavior of the existing hypercall
>> for XENVER_[compile_info|changeset|commandline] and make them
>> dom0 accessible. This is if XSM is built in or not (though with
>> XSM one can expose it to a guest if desired).
> Wasn't the outcome of the previous discussion that we should not
> alter default behavior for existing sub-ops?

I raised a worry that some guests might break if they suddenly have
access to this information cut off.

> And even if I'm
> misremembering, I can see reasons for not exposing the command
> line, but what value has not exposing compile info and changeset
> again?

There is a fear that providing such information makes it easier for
attackers who have an exploit for a specific binary.

> The more that the tool stack uses the two, and as we know
> tool stacks or parts thereof can live in unprivileged domains.

I would argue than a fully unprivileged toolstack domain has no need for
any information from this hypercall.  It it needs some privilege, then
XSM is in use and it can be given access.

> Plus
> there is also a (hg-centric and hence generally broken) attempt to
> store it in hvm_save().

I will be addressing this in due course with my further cpuid plans.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.