[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] xsm: hide detailed Xen version from unprivileged guests

On 20.12.2019 00:15, Andrew Cooper wrote:
> On 19/12/2019 11:35, Jan Beulich wrote:
>>>>>     XENVER_changeset
>>>>>     XENVER_commandline
>>>>>     XENVER_build_id
>>>>> Return a more customer friendly empty string instead of "<denied>"
>>>>> which would be shown in tools like dmidecode.>
>>>> I think "<denied>" is quite fine for many of the original purposes.
>>>> Maybe it would be better to filter for this when populating guest
>>>> DMI tables?
>>> I don't know how DMI tables are populated, but nothing stops a guest
>>> from using these hypercalls directly.
>> And this is precisely the case where I think "<denied>" is better
>> than an empty string.
> "<denied>" was a terrible choice back when it was introduced, and its
> still a terrible choice today.

That's a matter of taste - it's not terrible at all to me.

> These are ASCII string fields, and the empty string is a perfectly good
> string.  Nothing is going to break, because it would have broken the
> first time around.

In some cases an empty string may have a meaning of "none" or
"nothing", which is not the same as "I won't tell you".


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.