[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v6 08/24] xsplice: Add helper elf routines

Konrad Rzeszutek Wilk writes ("[PATCH v6 08/24] xsplice: Add helper elf 
> From: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
> Add Elf routines and data structures in preparation for loading an
> xSplice payload.
> We make an assumption that the max number of sections an ELF payload
> can have is 64. We can in future make this be dependent on the
> names of the sections and verifying against a list, but for right now
> this suffices.
> Also we a whole lot of checks to make sure that the ELF payload
> file is not corrupted nor that the offsets point past the file.

This is good, but: ideally I would like to avoid conducting a detailed
security review of this code.

My understanding of this is that the purpose of this machinery is to
supply binary runtime patches to the hypervisor.  So I think someone
who can inject malicious xsplice payloads can already control the
host.  Is that right ?

If so then bugs in this loader cannot be any security impact.

It might be worth mentioning somewhere that this loader must not be
used for xsplice payloads for guest kernels.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.