WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [PATCH 1/3] Add support for OpenBSD

from [Brendan Cully] [Permanent Link][Original]
To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] [PATCH 1/3] Add support for OpenBSD
From: Brendan Cully <brendan@xxxxxxxxx>
Date: Wed, 18 Oct 2006 10:47:19 -0700
Delivery-date: Wed, 18 Oct 2006 10:47:52 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <C15C1753.2BF4%Keir.Fraser@xxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <AC9CC971-B2CA-422F-9FD8-FA6AB11295C3@xxxxxxxxxxxxx> <C15C1753.2BF4%Keir.Fraser@xxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.13 (2006-09-01) 
On Wednesday, 18 October 2006 at 17:39, Keir Fraser wrote:
> On 18/10/06 17:34, "Anil Madhavapeddy" <anil@xxxxxxxxxxxxx> wrote:
> 
> >> We have that already in arch/x86/Rules.mk. If that was working, I
> >> doubt
> >> Christoph would have gone to the trouble of hacking up the SSP goop.
> >> 
> > 
> > That flag definitely works.
> > 
> > I think Christoph wanted to get stack protection working, as all the
> > other OpenBSD bits (kernel/userland) use it.  There isn't much to it
> > beyond adding the stack smash handler, and the stack frame format
> > changes a bit...
> 
> I don't think stack-smashing attacks are a worrying vulnerability for Xen.
> We don't do much variable-sized buffer manipulation, strcpy, and so on. I'd
> much rather see someone put some effort into something more likely to be
> useful (albeit undoubtedly more work!) like randomised attacks on the
> hypercall interfaces.

I built something to do that for a course project a few months ago -
basically a kernel module to pass along completely unchecked
hypercalls, generated by a python script with a few hooks to filter
out those that it knew Xen would catch anyway. It even managed to
crash xen periodically, but I never quite finished the piece that was
supposed to reproduce crashes after they happened. I guess I should
clean it up and post it somewhere...

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] [PATCH] XenTrace enhancement for VMX SMP guest, Li, Xin B
Next by Date:  [Xen-devel] [PATCH] rmmod xennet in dom0 crashes, James Dykman
Previous by Thread:  Re: [Xen-devel] [PATCH 1/3] Add support for OpenBSD, Keir Fraser
Next by Thread:  RE: [Xen-devel] [PATCH 1/3] Add support for OpenBSD, Ian Pratt
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy