WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkb

from [Steven Hand] [Permanent Link][Original]
To: Bryan D Payne <bdpayne@xxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver
From: Steven Hand <Steven.Hand@xxxxxxxxxxxx>
Date: Tue, 25 Jul 2006 19:48:32 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, Steven.Hand@xxxxxxxxxxxx, Reiner Sailer <sailer@xxxxxxxxxx>
Delivery-date: Tue, 25 Jul 2006 11:49:55 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: Message from Bryan D Payne <bdpayne@xxxxxxxxxx> of "Tue, 25 Jul 2006 13:45:52 EDT." <OF194E0D98.3F4EC3C7-ON852571B6.005FA1C0-852571B6.0061916F@xxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
>> The tools hook is not just a usability/conformity check. The check
>> ensures that the tools will not set up entries in xenstore that would
>> allow blkback to create a non-conformant vbd. So there is no way for a
>> guest to trick blkback into creating a non-conformant vbd: it can only
>> connect to vbds specified in its config file or added later via the
>> vbd-add xm hotplug command. The tools stack should perform its
>> compiance checks on both 'xm create' and 'xm vbd-add', and that should
>> be sufficient.
>
>My concern is that security is now relying on the correctness of all code
>that can write to the xenstore.  The quantity of code that does this will
>likely continue to grow, and even include third party tools.  If any of
>this code attachs a vbd to a domain without performing a security check,
>then the security would be bypassed.

There still a major dependency on xenstore; it's pretty much part of the 
TCB at present. I know some folks have been thinking about how to 'secure' 
it more comprehensively while allowing integration with whatever ACM 
policy is in force. I think this is a more promising approach than an ad 
hoc extra check in blkback. 


cheers,

S.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] [PATCH] Minor fix to xentop to stop it dying when domains go away at the wrong time, Keir Fraser
Next by Date:  [Xen-devel] Daily Xen-HVM Build Testing: cs10712, Rick Gonzalez
Previous by Thread:  Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver, Bryan D Payne
Next by Thread:  Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver, Mike D. Day
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy