Re: [Xen-devel] [PATCH v4 2/6] SUPPORT.md: Add qemu-depriv section
> -----Original Message----- > From: Xen-devel [mailto:xen-devel-bounces@xxxxxxxxxxxxxxxxxxxx] On Behalf > Of George Dunlap > Sent: 05 November 2018 18:07 > To: xen-devel@xxxxxxxxxxxxxxxxxxxx > Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>; Wei Liu > <wei.liu2@xxxxxxxxxx>; Konrad Wilk <konrad.wilk@xxxxxxxxxx>; Andrew Cooper > <Andrew.Cooper3@xxxxxxxxxx>; Tim (Xen.org) <tim@xxxxxxx>; George Dunlap > <George.Dunlap@xxxxxxxxxx>; Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>; > Julien Grall <julien.grall@xxxxxxx>; Jan Beulich <jbeulich@xxxxxxxx>; > Anthony Perard <anthony.perard@xxxxxxxxxx>; Ian Jackson > <Ian.Jackson@xxxxxxxxxx> > Subject: [Xen-devel] [PATCH v4 2/6] SUPPORT.md: Add qemu-depriv section > > Signed-off-by: George Dunlap <george.dunlap@xxxxxxxxxx> > --- > Changes since v3: > - Moved from the qemu-depriv doc patches. > - Reword to include the possibility of having a non-dom0 "devicemodel" > domain which may want to be protected > - Specify `Linux dom0` as the currently-tech-supported window > > CC: Ian Jackson <ian.jackson@xxxxxxxxxx> > CC: Wei Liu <wei.liu2@xxxxxxxxxx> > CC: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> > CC: Jan Beulich <jbeulich@xxxxxxxx> > CC: Tim Deegan <tim@xxxxxxx> > CC: Konrad Wilk <konrad.wilk@xxxxxxxxxx> > CC: Stefano Stabellini <sstabellini@xxxxxxxxxx> > CC: Julien Grall <julien.grall@xxxxxxx> > CC: Anthony Perard <anthony.perard@xxxxxxxxxx> > CC: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx> > --- > SUPPORT.md | 20 ++++++++++++++++++++ > 1 file changed, 20 insertions(+) > > diff --git a/SUPPORT.md b/SUPPORT.md > index 4f203da84a..1f0f5857a7 100644 > --- a/SUPPORT.md > +++ b/SUPPORT.md 
> @@ -525,6 +525,26 @@ Vulnerabilities of a device model stub domain > to a hostile driver domain (either compromised or untrusted) > are excluded from security support. > > +### Device Model Deprivileging > + > + Status, Linux dom0: Tech Preview, with limited support > + > +This means adding extra restrictions to a device model in order to > +prevent a compromised device model from attack the rest of the domain s/attack/attacking/ Paul > +it's running in (normally dom0). > + > +"Tech preview with limited support" means we will not issue XSAs for > +the _additional_ functionality provided by the feature; but we will > +issue XSAs in the event that enabling this feature opens up a security > +hole that would not be present without the feature disabled. > + > +For example, while this is classified as tech preview, a bug in libxl > +which failed to change the user ID of QEMU would not receive an XSA, > +since without this feature the user ID wouldn't be changed. But a > +change which made it possible for a compromised guest to read > +arbitrary files on the host filesystem without compromising QEMU would > +be issued an XSA, since that does weaken security. > + > ### KCONFIG Expert > > Status: Experimental > -- > 2.19.1 > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@xxxxxxxxxxxxxxxxxxxx > https://lists.xenproject.org/mailman/listinfo/xen-devel
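Review bot: the closing sentence of the "Tech preview with limited support" paragraph in the new Device Model Deprivileging section inverts its own condition. "a security hole that would not be present without the feature disabled" reads as "a hole absent when the feature is enabled", which is the opposite of the intended scope (holes that only exist because the feature was turned on). Suggest "a security hole that would not be present with the feature disabled" (or simply "without the feature"); that wording also lines up with the libxl user-ID example in the following paragraph, where the absence of the feature is the baseline against which weakening is judged. Paul's s/attack/attacking/ in the first paragraph of the section still needs applying as well.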