[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH for-4.9] livepatch: Declare live patching as a supported feature

To: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
From: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
Date: Wed, 28 Jun 2017 12:41:31 -0400
Cc: Lars Kurth <lars.kurth@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <liuw@xxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxx, Julien Grall <julien.grall@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>
Delivery-date: Wed, 28 Jun 2017 16:41:58 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

. snip..
> > Now all of the customers that have applied those patches are vulnerable.
> > 
> > Do you:
> > 
> > 1. Tell the reporter to post it publicly to xen-devel immediately, since
> > livepatch tools are not security supported -- thus "zero-day"-ing all
> > your customers (as well as anyone else who happens to have used x.yy to
> > build a hypervisor)?
> > 
> > 2. Secretly take advantage of Citrix' privileged position on the
> > security list, and try to get an update out to your customers before it
> > gets announced (but allowing everyone *else* using gcc x.yy to
> > experience a zero-day)?
> > 
> > 3. Issue an XSA so that everyone has the opportunity to fix things up
> > before making a public announcement, and so that anyone not on the
> > embargo list gets an alert, so they know to either update their own
> > livepatches, or look for updates from their software provider?
> > 
> > I think #3 is the only possible choice.
> > 
> >   -George
> > 
> 
> The issue here is that any bug in livepatch-build-tools which still results
> in output being generated would be a security issue, because someone might
> have used it to patch a security issue. livepatch-build-tools is certainly
> not stable enough yet (ever?) to be treated in this fashion.
> 

To add a bit. The livepatch-build-tools does not have to be used to 
create the livepatches. One can use other tools to create the livepatches
(like for example the test-cases).

And there is a nice design 
http://xenbits.xen.org/docs/unstable/misc/livepatch.html
(see "Design of payload format") which describes what the format of this 
livepatch
MUST be.

> -- 
> Ross Lagerwall

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH for-4.9] livepatch: Declare live patching as a supported feature
  - From: Ross Lagerwall
- Re: [Xen-devel] [PATCH for-4.9] livepatch: Declare live patching as a supported feature
  - From: George Dunlap
- Re: [Xen-devel] [PATCH for-4.9] livepatch: Declare live patching as a supported feature
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH for-4.9] livepatch: Declare live patching as a supported feature
  - From: George Dunlap
- Re: [Xen-devel] [PATCH for-4.9] livepatch: Declare live patching as a supported feature
  - From: Ross Lagerwall

Prev by Date: Re: [Xen-devel] [PATCH] xen/x86: Don't BUG on CPU0 offlining
Next by Date: Re: [Xen-devel] [PATCH v1] vvmx: fix ept_sync() for nested p2m
Previous by thread: Re: [Xen-devel] [PATCH for-4.9] livepatch: Declare live patching as a supported feature
Next by thread: Re: [Xen-devel] [PATCH for-4.9] livepatch: Declare live patching as a supported feature
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.