This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


RE: [Xen-users] Re: malicious paravirtualized guests: security andisolat

On Wed, 2008-11-12 at 13:21 +1100, James Harper wrote:

> Is there a limit on the amount of data you can write to the xenstore?
> Overflowing some limit in xenstore could be one method of causing a
> crash.

That's funny, I was just trying to find where these were set when
xenstored is started:

 --entry-nb <nb>     limit the number of entries per domain,
 --entry-size <size> limit the size of entry per domain, and
 --entry-watch <nb>  limit the number of watches per domain,
 --transaction <nb>  limit the number of transaction allowed per domain,

So if the number of entries per domain (plus size per entry) can be
limited .. it seems that at least --entry-size is not being enforced?

If it were, the only way to overflow the store would be from dom-0,
creating infinite domain entries @ xx bytes each until it exploded.

Argh, I wish I was better with Python.


Xen-users mailing list