
Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration



On Tue, Sep 30, 2008 at 05:35:52PM +0100, Daniel P. Berrange wrote:

> On Tue, Sep 30, 2008 at 05:09:21PM +0100, Keir Fraser wrote:
> > On 30/9/08 16:30, "Daniel P. Berrange" <berrange@xxxxxxxxxx> wrote:
> > 
> > > Console data
> > > 
> > >  /local/domain/%d/console/vnc-port
> > >  /local/domain/%d/console/tty
> > 
> > Duplicating this pair of nodes sounds fine to me, *but* then libvirt is
> > simply remaining vulnerable to the kind of attack we are looking to
> > avoid? Can any good really come from keeping the old locations?
> 
> Given that this is security sensitive, I have no objection to updating
> libvirt to read from the new locations. The only thing I need to work
> out is a reliable way to choose when to use the new location, vs
> looking at the old location (for compat with existing deployments).

I think the existence of /vm_path would do that, but we need to move
*all* this stuff, surely. /local/domain/X/ should be effectively
write-only from dom0 since none of it is trustworthy.

regards
john

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 

