|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v2] xsm: hide detailed Xen version from unprivileged guests
Hi, On 13/01/2020 12:51, George Dunlap wrote: On 1/12/20 6:26 PM, Doug Goldstein wrote:On 1/11/20 3:02 AM, George Dunlap wrote:1. Block XENVER_extraversion at the hypervisor level. Change the xen_deny() string to "". (This is v1 of sergey's patch.) 2. Block XENVER_extraversion at the hypervisor level. Leave xen_deny() as returning "<denied>", but replace "<denied>" with "" in hvmloader so it doesn't show up in the System Info and scare users. 3. Block XENVER_extraversion at the hypervisor level. Change xen_deny() to return a more benign string like "<hidden>". (Perhaps also filter it in hvmloader, just for good measure.) 4. Block XENVER_extraversion at the hypervisor level. Make the xen_deny() string configurable in KConfig. A Kconfig option is indeed ideal as some of the stakeholder may want to keep control of the string exposed. But if we go the Kconfig route, then maybe we want to allow each bits (extraversion, compiler...) to be separatly configurable. I would be more than happy to help writing such a patch if there is an interest for it. Cheers, -- Julien Grall _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |