xen-devel

Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration

To: John Levon <levon@xxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration
From: Pascal Bouchareine <pascal@xxxxxxxxx>
Date: Tue, 30 Sep 2008 19:21:38 +0200
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, "Daniel P. Berrange" <berrange@xxxxxxxxxx>, Keir Fraser <keir.fraser@xxxxxxxxxxxxx>
On Tue, Sep 30, 2008 at 05:35:37PM +0100, John Levon wrote:
> Why isn't xenstored refusing writes/deletes from domid != 0 for these ?
> Isn't this a much better fix?

We have to manage races and such, and prevent deletion up to the
parent nodes, too. I was not sure this was wanted/easy to do, or
clean as you mention.

> BTW, the ability to change the name or whatever also seems suspect,
> though most likely less serious.

Untrusted user input coming into dom0 surely leads to bad things.
"name" is stored into /vm too, I guess this one is used by tools?

Most sensitive information in xend can be moved by replacing calls to
read/storeDom with calls to read/storeVm.

-- 
\o/   Pascal Bouchareine - Gandi 
 g    0170393757           15, place de la Nation - 75011 Paris      
