Re: [Xen-devel] [RFC] libxc: Add trusted decompressors
On Wed, Feb 27, 2013 at 12:44 PM, Bastian Blank <waldi@xxxxxxxxxx> wrote:
>> I'm not sure "trusted" is quite the right term though, these aren't
>> really any more trustworthy than the library supplied ones -- they are
>> just more suitable for a mini-os environment.
>
> I used the term "trusted" because it should not be fed with untrusted
> input. So it should not be used in the normal libxenguest. In the case
> of pv-grub, all input is trusted as it runs in the same security domain.

So it's not the decompressors you trust, but the data that you trust? "Trusted decompressors" definitely means that the decompressors themselves are more trustworthy somehow; "trusting decompressors" would be a more accurate description. ;-)

What I'm afraid of is that if people see "trusted decompressors", they will interpret it in exactly the opposite way -- i.e., they will think that the decompressors can be trusted to deal with untrusted data, perhaps because they do input sanitation or are designed to be robust against malformed data.

Maybe change the comment to say "Add decompressors for trusted data based on hypervisor code", and a brief comment to each file describing what "trusted" means?

-George

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel