WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Xen-users] Re: malicious paravirtualized guests: security andisolat

from [Tim Post] [Permanent Link][Original]
To: James Harper <james.harper@xxxxxxxxxxxxxxxx>
Subject: RE: [Xen-users] Re: malicious paravirtualized guests: security andisolation
From: Tim Post <echo@xxxxxxxxxxxx>
Date: Wed, 12 Nov 2008 10:36:09 +0800
Cc: Vasiliy Baranov <vasiliy.baranov@xxxxxxxxx>, xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 11 Nov 2008 18:37:08 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <AEC6C66638C05B468B556EA548C1A77D0154FB62@trantor>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <e4a2b0250811060515y6a898342u372768672e7365a@xxxxxxxxxxxxxx> <e4a2b0250811110635sfd631f8j34bde29d442a436c@xxxxxxxxxxxxxx> <AEC6C66638C05B468B556EA548C1A77D0154FB62@trantor>
Reply-to: echo@xxxxxxxxxxxx
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx 
On Wed, 2008-11-12 at 13:21 +1100, James Harper wrote:

> Is there a limit on the amount of data you can write to the xenstore?
> Overflowing some limit in xenstore could be one method of causing a
> crash.

That's funny, I was just trying to find where these were set when
xenstored is started:


 --entry-nb <nb>     limit the number of entries per domain,
 --entry-size <size> limit the size of entry per domain, and
 --entry-watch <nb>  limit the number of watches per domain,
 --transaction <nb>  limit the number of transaction allowed per domain,

So if the number of entries per domain (plus size per entry) can be
limited .. it seems that at least --entry-size is not being enforced?

If it were, the only way to overflow the store would be from dom-0,
creating infinite domain entries @ xx bytes each until it exploded.

Argh, I wish I was better with Python.

Cheers,
--Tim


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] Re: malicious paravirtualized guests: security and isolation, Tim Post
Next by Date:  RE: [Xen-users] GPL PV Intermittent Network Problems (HALIssue), James Harper
Previous by Thread:  RE: [Xen-users] Re: malicious paravirtualized guests: security andisolation, James Harper
Next by Thread:  RE: [Xen-users] Re: malicious paravirtualized guests: securityandisolation, James Harper
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy