xen-devel
Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration
On 2/10/08 11:21, "Ian Jackson" <Ian.Jackson@xxxxxxxxxxxxx> wrote:
>> writing into device allows the guest to rewrite its backend
>> location, this should be protected too I guess?
>
> We will arrange for the backend location not to be trusted by anything
> important. In fact, it is entirely formulaic: if you know which
> domain the backend is supposed to be in, you can simply shuffle the
> path components. And you can double check against the backend's
> frontend path.
If you know the backend domid this works great. You don't need to check
anything in this case. If you try to validate the frontend's backend
reference then that's hard: strictly speaking you can only trust the
/local/domain/0 path prefix since otherwise two domains could collude to
redirect you to a backend directory under their control (or a domain could
point you at a 'backend directory' under its own path prefix, for example).
So this approach really only works for backends known to be in dom0 (which
of course is true for the vast majority of Xen installations). Hence xend is
storing the backend path under /vm where it's safe. Equally it could store
only the backend-id and construct the backend path from that.
-- Keir
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
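
The check discussed in this message, as an added example that is not code from xend or from the thread: a dict stands in for xenstore, and the function names and sample entries are constructed for illustration. It compares following the guest-writable backend reference with deriving the backend path from a trusted backend domid (dom0 assumed).

```python
# Constructed in-memory stand-in for xenstore (path -> value); not a real client.
def frontend_path(fe_domid, devtype, devid):
    return "/local/domain/%d/device/%s/%d" % (fe_domid, devtype, devid)

def backend_path(be_domid, devtype, fe_domid, devid):
    # Built only from values the toolstack already trusts.
    return "/local/domain/%d/backend/%s/%d/%d" % (be_domid, devtype, fe_domid, devid)

def naive_check(store, fe_domid, devtype, devid):
    """Weak: follows the guest-writable 'backend' node, checks only the back-pointer."""
    fe = frontend_path(fe_domid, devtype, devid)
    claimed = store.get(fe + "/backend")
    if claimed is not None and store.get(claimed + "/frontend") == fe:
        return claimed
    return None

def strict_check(store, fe_domid, devtype, devid, be_domid=0):
    """Accept the reference only if it equals the path derived for the trusted
    backend domain (dom0 by default) and that backend points back."""
    fe = frontend_path(fe_domid, devtype, devid)
    expected = backend_path(be_domid, devtype, fe_domid, devid)
    if store.get(fe + "/backend") != expected:
        return None
    if store.get(expected + "/frontend") != fe:
        return None
    return expected

# Constructed sample entries.
STORE = {
    # Domain 5: honest frontend, backend in dom0.
    "/local/domain/5/device/vbd/768/backend": "/local/domain/0/backend/vbd/5/768",
    "/local/domain/0/backend/vbd/5/768/frontend": "/local/domain/5/device/vbd/768",
    # Domains 6 and 7 agree with each other, so the back-pointer matches.
    "/local/domain/6/device/vif/0/backend": "/local/domain/7/backend/vif/6/0",
    "/local/domain/7/backend/vif/6/0/frontend": "/local/domain/6/device/vif/0",
    # Domain 8 points at a 'backend directory' under its own prefix.
    "/local/domain/8/device/vbd/768/backend": "/local/domain/8/fake/vbd/8/768",
    "/local/domain/8/fake/vbd/8/768/frontend": "/local/domain/8/device/vbd/768",
}

if __name__ == "__main__":
    for dom, typ, dev in [(5, "vbd", 768), (6, "vif", 0), (8, "vbd", 768)]:
        print(dom, naive_check(STORE, dom, typ, dev), strict_check(STORE, dom, typ, dev))
```

The back-pointer alone passes for domains 6 and 8 because both ends are guest-controlled; only the comparison against the path built from the trusted domid rejects them.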