[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration

Pascal Bouchareine writes ("Re: [Xen-devel] [PATCH] [Xend] Move some backend 
configuration"):
> On Thu, Oct 02, 2008 at 10:49:34AM +0100, Keir Fraser wrote:
> > An update on this: I solved this issue by fiddling permissions in xenstore
> > after all! /local/domain/<domid> is now read-only to the guest, and specific
> > subdirs only are writable (currently device, error and control).
> 
> writing into device allows the guest to rewrite it's backend
> location, this should be protected too i guess ?

We will arrange for the backend location not to be trusted by anything
important.  In fact, it is entirely formulaic: if you know which
domain the backend is supposed to be in, you can simply shuffle the
path components.  And you can double check against the backend's
frontend path.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.