WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 

xen-devel

Re: [Xen-devel] [PATCH] tools: add XS_RESTRICT operation to C xenstore c

To: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Tim Deegan <Tim.Deegan@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH] tools: add XS_RESTRICT operation to C xenstore client libs.
From: Keir Fraser <keir.fraser@xxxxxxxxxxxxx>
Date: Fri, 2 Jul 2010 18:43:39 +0100
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
On 02/07/2010 17:50, "Ian Jackson" <Ian.Jackson@xxxxxxxxxxxxx> wrote:

> Tim Deegan writes ("[Xen-devel] [PATCH] tools: add XS_RESTRICT operation to C
> xenstore client libs."):
>> The OCaml xenstored supports the XS_RESTRICT operation, which
>> deprivileges a dom0 xenstore connection so it can only affect one
>> domain's entries.   Add the relevant definitions to the C libraries
>> so that callers can use it.
> 
> Can you explain what this is for, please ?  If it's for security
> against a hostile caller, what prevents the caller from simply opening
> another xenstore connection ?

A daemon like qemu-dm can do privileged things like opening a xenstore
connection, and then deprivilege itself via setuid() before handling I/O
requests and exposing itself on that particular attack front. XS_RESTRICT
allows such a service to further and more precisely deprivilege itself.

 -- Keir
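
The pattern described in this reply, as an added example that is not part of the original message or of the Xen tools: a resource is opened while privileged, root is dropped with setuid(), and afterwards a fresh open is refused while the descriptor already held keeps its full access, which is the residual privilege XS_RESTRICT is meant to narrow. Assumptions: a mode-0600 temporary file stands in for the xenstore connection, uid/gid 65534 is an unprivileged account, and the names `drop_root` and `privsep_demo` are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

#define DEMO_UID      65534 /* assumed unprivileged uid/gid ("nobody") */
#define HELD_FD_OK    1     /* descriptor opened before the drop still works */
#define REOPEN_DENIED 2     /* a fresh open() after the drop is refused */
#define DROPPED       4     /* started as root and dropped it irreversibly */

/* Give up root for good: groups first, then gid, then uid, then verify. */
static int drop_root(uid_t uid, gid_t gid) {
    if (setgroups(0, NULL) || setgid(gid) || setuid(uid)) return -1;
    return (setuid(0) == -1 && geteuid() == uid) ? 0 : -1;
}

/* Returns a bitmask of the flags above, or -1 if setup failed. */
int privsep_demo(void) {
    char path[] = "/tmp/privsep-demo-XXXXXX";
    int fd = mkstemp(path); /* mode 0600: stand-in for the privileged connection */
    if (fd < 0 || write(fd, "x", 1) != 1) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { /* child plays the daemon that goes on to handle I/O */
        int r = 0; char c;
        /* A real daemon must exit if the drop fails; the demo only records it. */
        if (geteuid() == 0 && drop_root(DEMO_UID, DEMO_UID) == 0) r |= DROPPED;
        if (pread(fd, &c, 1, 0) == 1) r |= HELD_FD_OK;
        if (open(path, O_RDONLY) < 0 && errno == EACCES) r |= REOPEN_DENIED;
        _exit(r);
    }
    int status;
    pid_t w = waitpid(pid, &status, 0);
    close(fd);
    unlink(path);
    return (w == pid && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    int r = privsep_demo();
    if (r < 0) return 1;
    printf("dropped=%d held_fd_ok=%d reopen_denied=%d\n",
           !!(r & DROPPED), !!(r & HELD_FD_OK), !!(r & REOPEN_DENIED));
    return 0;
}
```

Run as root, the demo drops to the unprivileged uid and reports the reopen as denied; run as an ordinary user there is nothing to drop, so only the held-descriptor check is meaningful.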


