[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] libxl: set permissions for xs frontend entry pointing to xs backend

To: Roger Pau Monné <roger.pau@xxxxxxxxxx>
From: Ian Campbell <Ian.Campbell@xxxxxxxxxx>
Date: Tue, 10 Sep 2013 16:06:35 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Delivery-date: Tue, 10 Sep 2013 15:06:51 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Tue, 2013-09-10 at 17:03 +0200, Roger Pau MonnÃ wrote:
> On 10/09/13 17:02, Ian Campbell wrote:
> > On Tue, 2013-09-10 at 16:54 +0200, Roger Pau Monne wrote:
> >> libxl doesn't currently set the permissions of entries like:
> >>
> >> /local/domain/<domid>/device/<dev_type>/<devid>/backend
> >>
> >> This allows the guest to change this xenstore entries to point to a
> >> different backend path, or to malicious xenstore path forged by the
> >> guest itself. libxl currently relies on this path being valid in order
> >> to perform the unplug of devices in libxl__devices_destroy, so we
> >> should prevent the guest from modifying this xenstore entry.
> >>
> >> This patch sets the permisions of said path to be the same as a
> >> backend xenstore entry (owned by the toolstack domain, readable by the
> >> guest).
> > 
> > and just to confirm: despite having r/w access to the containing
> > directory, the guest cannot remove this node and recreate it?
> 
> No, it can't (I've tried it):
> 
> root@debian:~# xenstore-rm /local/domain/54/device/vbd/51712/backend
> xenstore-rm: could not remove path /local/domain/54/device/vbd/51712/backend

Perfect. Thanks!

I think when I come to commit I will append to the changelog:

        The xenstore permissions model does not allow domains to remove
        directories which they do not own, despite having read/write
        access to the containing directory.
        
Ian


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- Re: [Xen-devel] [PATCH 1/2] libxl: correctly list disks served by driver domains in block-list
  - From: Ian Campbell
- [Xen-devel] [PATCH] libxl: set permissions for xs frontend entry pointing to xs backend
  - From: Roger Pau Monne
- Re: [Xen-devel] [PATCH] libxl: set permissions for xs frontend entry pointing to xs backend
  - From: Ian Campbell
- Re: [Xen-devel] [PATCH] libxl: set permissions for xs frontend entry pointing to xs backend
  - From: Roger Pau MonnÃ

Prev by Date: Re: [Xen-devel] HVM support for e820_host (Was: Bug: Limitation of <=2GB RAM in domU persists with 4.3.0)
Next by Date: Re: [Xen-devel] [PATCH v8] interrupts: allow guest to set/clear MSI-X mask bit
Previous by thread: Re: [Xen-devel] [PATCH] libxl: set permissions for xs frontend entry pointing to xs backend
Next by thread: Re: [Xen-devel] [PATCH] libxl: set permissions for xs frontend entry pointing to xs backend
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.