[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Xen-devel] OVMF/Xen, Debian wheezy can't boot with NX on stack (Was: Re: [edk2] [PATCH] OvmfPkg: prevent code execution from DXE stack)
- To: Paolo Bonzini <pbonzini@xxxxxxxxxx>, Ian Campbell <ian.campbell@xxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Jordan L Justen <jordan.l.justen@xxxxxxxxx>, Star Zeng <star.zeng@xxxxxxxxx>
- From: Laszlo Ersek <lersek@xxxxxxxxxx>
- Date: Wed, 9 Sep 2015 13:41:04 +0200
- Cc: Anthony PERARD <anthony.perard@xxxxxxxxxx>, edk2-devel-01 <edk2-devel@xxxxxxxxxxx>, Gary Ching-Pang Lin <glin@xxxxxxxx>, "Gabriel L. Somlo \(GMail\)" <gsomlo@xxxxxxxxx>, Xen Devel <xen-devel@xxxxxxxxxxxxx>
- Delivery-date: Wed, 09 Sep 2015 11:41:19 +0000
- List-id: Xen developer discussion <xen-devel.lists.xen.org>
On 09/09/15 13:30, Paolo Bonzini wrote:
>
>
> On 09/09/2015 13:07, Ian Campbell wrote:
>> I have a question: What attack vector is setting the stack as Nx in OVMF
>> (or even UEFI generally) trying to protect against? Or is this being done
>> for a reason other than security?
>>
>> I understand why it is done for kernels and apps, but where does the
>> untrusted element which is being protected against come from when running
>> UEFI?
>
> I guess something could attack shim.efi or GRUB, and subvert secure
> boot's chain of trust.
... or the firmware could be fed some malicious data over the network,
when the fw (e.g. shim) boots off PXE (or, in case of edk2, HTTP), and a
buffer overflow could lead to the execution of arbitrary code?...
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
