[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] RFC: Adding a section to the Xen security policy about what constitutes a vulnerability

To: Jan Beulich <JBeulich@xxxxxxxx>
From: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
Date: Tue, 24 Jan 2017 11:33:13 +0000
Cc: George Dunlap <george.dunlap@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>
Delivery-date: Tue, 24 Jan 2017 11:33:26 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

Jan Beulich writes ("Re: [Xen-devel] RFC: Adding a section to the Xen security 
policy about what constitutes a vulnerability"):
> "If a bug requires a vulnerable operating system to be exploitable, the
>  Xen Security Team will pro-actively investigate the vulnerability of
>  the following open-source operating systems: Linux, OpenBSD, FreeBSD,
>  and NetBSD.  The security team will also test or otherwise investigate
>  the vulnerability of supported Windows versions, and it may also do so
>  for some other proprietary operating systems."

I don't think we can promise to come up with a definitely conclusion
for any proprietary system, can we ?  Answering such a question for
Windows is not within our power because we don't have the source code.

The question, which the above text leaves unclear, is, what do we do
if we aren't sure whether there are configurations of Windows which
have the exposed behaviour.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] RFC: Adding a section to the Xen security policy about what constitutes a vulnerability
  - From: Jan Beulich

References:
- [Xen-devel] RFC: Adding a section to the Xen security policy about what constitutes a vulnerability
  - From: George Dunlap
- Re: [Xen-devel] RFC: Adding a section to the Xen security policy about what constitutes a vulnerability
  - From: Jan Beulich
- Re: [Xen-devel] RFC: Adding a section to the Xen security policy about what constitutes a vulnerability
  - From: George Dunlap
- Re: [Xen-devel] RFC: Adding a section to the Xen security policy about what constitutes a vulnerability
  - From: George Dunlap
- Re: [Xen-devel] RFC: Adding a section to the Xen security policy about what constitutes a vulnerability
  - From: Jan Beulich

Prev by Date: Re: [Xen-devel] [PATCH v2 01/14] x86/cpufeatures: Expose self-snoop to all guests
Next by Date: Re: [Xen-devel] [PATCH v2 04/14] x86/cpuid: Handle more simple Intel leaves in guest_cpuid()
Previous by thread: Re: [Xen-devel] RFC: Adding a section to the Xen security policy about what constitutes a vulnerability
Next by thread: Re: [Xen-devel] RFC: Adding a section to the Xen security policy about what constitutes a vulnerability
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.