Re: [Xen-devel] [PATCH v6 08/24] xsplice: Add helper elf routines

On Thu, Apr 07, 2016 at 05:19:37PM +0100, Ian Jackson wrote:
> Konrad Rzeszutek Wilk writes ("[PATCH v6 08/24] xsplice: Add helper elf routines"):
> > From: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
> > 
> > Add Elf routines and data structures in preparation for loading an
> > xSplice payload.
> > 
> > We make an assumption that the max number of sections an ELF payload
> > can have is 64. We can in future make this be dependent on the
> > names of the sections and verifying against a list, but for right now
> > this suffices.
> > 
> > Also we add a whole lot of checks to make sure that the ELF payload
> > file is not corrupted nor that the offsets point past the file.
> This is good, but: ideally I would like to avoid conducting a detailed
> security review of this code.
> My understanding of this is that the purpose of this machinery is to
> supply binary runtime patches to the hypervisor.  So I think someone
> who can inject malicious xsplice payloads can already control the
> host.  Is that right ?

<nods> The payload could be just fine from an ELF perspective and
insert a patch that immediately calls BUG_ON().

> If so then bugs in this loader cannot be any security impact.

> It might be worth mentioning somewhere that this loader must not be
> used for xsplice payloads for guest kernels.

How "fun" would that be! Also I do want signature checking on
the payloads so at least we would only load ones that are trusted
from a vendor. But that is a v2 goal.

> Ian.
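
The kind of check the quoted commit message describes (a cap of 64 sections, and no offset pointing past the end of the file), as an added example that is not code from the patch or from Xen. It assumes a 64-bit ELF and the Linux <elf.h> types; the function names and return codes are hypothetical.

```c
#include <elf.h>
#include <stdint.h>
#include <string.h>
#define MAX_SECTIONS 64 /* cap stated in the quoted commit message */
/* True when [off, off+len) fits in `size` bytes; off+len is never computed, so it cannot wrap. */
static int in_file(uint64_t off, uint64_t len, uint64_t size)
{
    return off <= size && len <= size - off;
}

/* Hypothetical checker: returns 0 if the section table is safe to walk, else the failed check. */
int check_elf_sections(const uint8_t *buf, size_t size)
{
    Elf64_Ehdr eh;
    Elf64_Shdr sh;
    if (size < sizeof(eh))
        return -1; /* truncated header */
    memcpy(&eh, buf, sizeof(eh)); /* copy out: buf may be unaligned */
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 || eh.e_ident[EI_CLASS] != ELFCLASS64)
        return -2; /* not a 64-bit ELF */
    if (eh.e_shentsize != sizeof(sh) || eh.e_shnum == 0 || eh.e_shnum > MAX_SECTIONS)
        return -3; /* entry size or section count out of range */
    if (!in_file(eh.e_shoff, (uint64_t)eh.e_shnum * sizeof(sh), size))
        return -4; /* section table runs past the file */
    for (unsigned int i = 0; i < eh.e_shnum; i++) {
        memcpy(&sh, buf + eh.e_shoff + i * sizeof(sh), sizeof(sh));
        /* SHT_NOBITS (.bss) occupies no file bytes, so its extent is not checked */
        if (sh.sh_type != SHT_NOBITS && !in_file(sh.sh_offset, sh.sh_size, size))
            return -5; /* section data runs past the file */
    }
    return 0;
}

/* Constructed sample (192 bytes): header + 2-entry table; section 1 claims [off, off+len). */
int check_sample(uint16_t shnum, uint64_t off, uint64_t len, size_t size)
{
    uint8_t buf[192];
    Elf64_Ehdr eh = {0};
    Elf64_Shdr sh[2] = {{0}};
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_shoff = sizeof(eh);
    eh.e_shentsize = sizeof(sh[0]);
    eh.e_shnum = shnum;
    sh[1].sh_type = SHT_PROGBITS; sh[1].sh_offset = off; sh[1].sh_size = len;
    memcpy(buf, &eh, sizeof(eh));
    memcpy(buf + sizeof(eh), sh, sizeof(sh));
    return check_elf_sections(buf, size); /* size must be <= sizeof(buf) */
}
```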