
Re: Security support status of xnf(4) and xbf(4)



Demi Marie Obenour [demi@xxxxxxxxxxxxxxxxxxxxxx] wrote:
> Linux's netfront and blkfront drivers recently had a security
> vulnerability (XSA-396) that allowed a malicious backend to potentially
> compromise them.  In follow-up audits, I found that OpenBSD's xnf(4)
> currently trusts the backend domain.  I reported this privately to Theo
> de Raadt, who indicated that OpenBSD does not consider this to be a
> security concern.
> 

A malicious backend could completely compromise the virtual host in an
infinite number of ways. Perhaps a small patch to find incorrect values
would be of value, but even then, a patch would only be a very slight
improvement. If you patch the manual page, should OpenBSD start putting
notifications in all manual pages that a compromised virtual machine
backend may compromise the integrity of the virtual host?

Chris



 

