[Xen-devel] [PATCH for-4.12 v2 0/8] tools: Depriv fd checking, internal fd access

From: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>

This series provides the support in xen.git for auditing whether qemu
file descriptors are deprivileged, as expected with libxl

The approach I have chosen is to fish the descriptors out of qemu (by
using debugging facilities), and try to make hypercalls etc. using

To take making a hypercall as an example: this is not easily done
without libxc.  So I need to make libxc make a hypercall with a
different fd - actually, a different open-file.  I do this by using
dup2 to overwrite libxc's fd with the one stolen from qemu.  That
means I need to know libxc's fd number.  Hence the handle access
patches in this series.

Compared to v2, this fixes the issues identified, and also, as
promised, introduces the actual descriptor checking utility here in
xen.git.  Building it out-of-tree is quite tiresome and anyway the
utility might be useful for other purposes.

This is not 4.11 material.  qemu depriv is not covered by support in
4.11 anyway.  In 4.12 I want it to be supported, and, therefore,
tested and audited.  If it becomes fully supported there, it might be
worth backporting some of these patches.

The utility `fishdescriptor', referred to, is part of the Debian
package chiark-scripts.deb.  A newish version of that package is
needed.  That will be dealt with fully in the corresponding osstest

Ian Jackson (8):
  libxc: Drop declarations of osdep_privcmd_open and _close
  libxc: Provide access to internal handles
  tools: xencall, xengnttab, xengntshr: Provide access to internal fds
  libxl: Provide better error message when qemu restrict user not found
  tools/tests/depriv: New test utility for deprivilege auditing
  tools/tests: Allow a test subdir to have `install' and `uninstall'
  tools/tests/depriv: Install depriv-fd-checker in our private libexec
  tools/tests/depriv-fd-checker: Support checking of Linux tun devices

 .gitignore                             |   1 +
 tools/libs/call/core.c                 |   5 +
 tools/libs/call/include/xencall.h      |   8 +
 tools/libs/call/libxencall.map         |   6 +
 tools/libs/gnttab/gntshr_core.c        |   6 +
 tools/libs/gnttab/gnttab_core.c        |   5 +
 tools/libs/gnttab/include/xengnttab.h  |  17 ++
 tools/libs/gnttab/libxengnttab.map     |   6 +
 tools/libxc/include/xenctrl.h          |  10 +
 tools/libxc/xc_private.c               |  15 ++
 tools/libxc/xc_private.h               |   3 -
 tools/libxl/libxl_dm.c                 |   5 +-
 tools/tests/Makefile                   |   7 +-
 tools/tests/depriv/Makefile            |  51 ++++
 tools/tests/depriv/depriv-fd-checker.c | 433 +++++++++++++++++++++++++++++++++
 tools/tests/mce-test/Makefile          |   2 +
 tools/tests/mem-sharing/Makefile       |   2 +
 tools/tests/xen-access/Makefile        |   2 +
 tools/tests/xenstore/Makefile          |   2 +
 19 files changed, 576 insertions(+), 10 deletions(-)
 create mode 100644 tools/tests/depriv/Makefile
 create mode 100644 tools/tests/depriv/depriv-fd-checker.c
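
The dup2 substitution described in the cover letter, as an added example that is not part of the original posting or of xen.git. `struct lib_handle`, `lib_handle_fd` and `lib_do_call` are hypothetical stand-ins for a library handle, its fd accessor and a library operation; two pipes constructed here stand in for the library's own open-file and the one taken from qemu.

```c
#include <errno.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical stand-in for a library handle such as libxc's (not Xen code). */
struct lib_handle { int fd; };

/* Stand-in for a handle-access function: report the fd number in use. */
static int lib_handle_fd(const struct lib_handle *h) { return h->fd; }

/* Stand-in for a library operation that always goes through its own fd. */
static ssize_t lib_do_call(const struct lib_handle *h, const char *msg)
{
    return write(h->fd, msg, strlen(msg));
}

/* Make the library's fd number refer to the open-file behind audited_fd.
 * dup2 first closes whatever the library had open on that number. */
static int substitute_open_file(const struct lib_handle *h, int audited_fd)
{
    int r;
    do r = dup2(audited_fd, lib_handle_fd(h)); while (r < 0 && errno == EINTR);
    return r < 0 ? -1 : 0;
}

/* Returns 1 if the library call lands on the audited open-file and the
 * library's original open-file saw nothing; 0 if not; -1 on error. */
int demo_substitution(void)
{
    int own[2], audited[2], ok = -1;
    char buf[8] = {0}, junk;
    struct lib_handle h;

    if (pipe(own) < 0) return -1;
    if (pipe(audited) < 0) { close(own[0]); close(own[1]); return -1; }
    h.fd = own[1];                      /* the fd the "library" opened */

    if (substitute_open_file(&h, audited[1]) == 0 && lib_do_call(&h, "ping") == 4)
        ok = read(audited[0], buf, sizeof(buf) - 1) == 4 &&
             strcmp(buf, "ping") == 0 &&
             read(own[0], &junk, 1) == 0;   /* EOF: old write end is gone */

    close(own[0]); close(own[1]); close(audited[0]); close(audited[1]);
    return ok;
}

int main(void) { return demo_substitution() == 1 ? 0 : 1; }
```

The library code is unchanged and still uses the same fd number; only the open-file behind that number differs, which is why the caller needs to know the number.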


