Re: [Xen-devel] Is:livepatch-build-tools.git declare it supported? Was:Re: [PATCH for-4.9] livepatch: Declare live patching as a supported feature
- To: George Dunlap <george.dunlap@xxxxxxxxxx>
- From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
- Date: Tue, 22 Aug 2017 12:16:04 +0100
- Cc: Lars Kurth <lars.kurth@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <liuw@xxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>, RossLagerwall <ross.lagerwall@xxxxxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>
- Delivery-date: Tue, 22 Aug 2017 11:16:40 +0000
- List-id: Xen developer discussion <xen-devel.lists.xen.org>
On Tue, Aug 22, 2017 at 11:58:57AM +0100, George Dunlap wrote:
> I think guest OS support is actually a pretty good analog. I can't
> imagine not issuing XSAs for bugs in Linux, just as I can't imagine
> not issuing XSAs for actual security issues that get found in the
> livepatch tools. If you think we shouldn't give security support for
> Linux, it makes sense that you would feel the same way for
> livepatch-tools (although I don't really understand why you think that
> way about either).
>
> We issue more XSAs for Linux than for other guests, in part because of
> the complexity of the code inside Linux compared to other OSes; but
> also in part due to the fact that that is the most tested and
> looked-at. There probably *are* more bugs in Linux than in NetBSD or
> FreeBSD; but also more of them are found because more people are
> testing and looking.
IMHO, we issue XSAs for Linux because Linux lacks a security process.
If a bug was found in the BSDs, it should be handled using the normal
security process that each BSD has, and a SA would be issued by the
security officer:
https://www.freebsd.org/security/advisories.html
For example NetBSD has recently released a SA for a Xen-specific
PV vulnerability in their implementation:
ftp://ftp.nl.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2017-003.txt.asc
Roger.