[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Livepatching and Xen Security

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
From: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
Date: Fri, 19 May 2017 15:44:57 +0100
Cc: Lars Kurth <lars.kurth@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, James Bulpin <James.Bulpin@xxxxxxxxxx>, Wei Liu <liuw@xxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Andrew Halley <andrew.halley@xxxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
Delivery-date: Fri, 19 May 2017 14:45:05 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

Andrew Cooper writes ("Re: [Xen-devel] Livepatching and Xen Security"):
> livepatching doesn't use libelf.
> 
> It is a new ELF parsing implementation.

I don't think we care very much about bugs in the livepatching elf
parser.  The livepatches are all completely trusted in any case.

Furthermore, I don't think we consider the binary code or pieces of
the headers or bits of the livepatching loader tools memory map or
anything secret.  So uninitialised structure bugs just leak things we
don't care about.

Does that make sense ?

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

References:
- [Xen-devel] Livepatching and Xen Security
  - From: George Dunlap
- Re: [Xen-devel] Livepatching and Xen Security
  - From: Andrew Cooper
- Re: [Xen-devel] Livepatching and Xen Security
  - From: Wei Liu
- Re: [Xen-devel] Livepatching and Xen Security
  - From: Andrew Cooper

Prev by Date: Re: [Xen-devel] [xen-4.8-testing test] 109585: regressions - FAIL
Next by Date: [Xen-devel] Commit moratorium for branching Xen 4.9
Previous by thread: Re: [Xen-devel] Livepatching and Xen Security
Next by thread: Re: [Xen-devel] Livepatching and Xen Security
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.