[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen staging-4.10] tools/xenstore: check privilege for XS_IS_DOMAIN_INTRODUCED



commit 2fee46c8d74e16647b7b1f63cac42efa26a77dbd
Author:     Juergen Gross <jgross@xxxxxxxx>
AuthorDate: Thu Jun 11 16:12:41 2020 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue Dec 15 14:43:12 2020 +0100

    tools/xenstore: check privilege for XS_IS_DOMAIN_INTRODUCED
    
    The Xenstore command XS_IS_DOMAIN_INTRODUCED should be possible for
    privileged domains only (the only user in the tree is the xenpaging
    daemon).
    
    Instead of having the privilege test for each command introduce a
    per-command flag for that purpose.
    
    This is part of XSA-115.
    
    Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
    Reviewed-by: Julien Grall <jgrall@xxxxxxxxxx>
    Reviewed-by: Paul Durrant <paul@xxxxxxx>
---
 tools/xenstore/xenstored_core.c   | 24 ++++++++++++++++++------
 tools/xenstore/xenstored_domain.c |  7 ++-----
 2 files changed, 20 insertions(+), 11 deletions(-)

diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c
index 444dea3cd8..b4e6744eaf 100644
--- a/tools/xenstore/xenstored_core.c
+++ b/tools/xenstore/xenstored_core.c
@@ -1283,8 +1283,10 @@ static struct {
        int (*func)(struct connection *conn, struct buffered_data *in);
        unsigned int flags;
 #define XS_FLAG_NOTID          (1U << 0)       /* Ignore transaction id. */
+#define XS_FLAG_PRIV           (1U << 1)       /* Privileged domain only. */
 } const wire_funcs[XS_TYPE_COUNT] = {
-       [XS_CONTROL]           = { "CONTROL",           do_control },
+       [XS_CONTROL]           =
+           { "CONTROL",       do_control,      XS_FLAG_PRIV },
        [XS_DIRECTORY]         = { "DIRECTORY",         send_directory },
        [XS_READ]              = { "READ",              do_read },
        [XS_GET_PERMS]         = { "GET_PERMS",         do_get_perms },
@@ -1294,8 +1296,10 @@ static struct {
            { "UNWATCH",       do_unwatch,      XS_FLAG_NOTID },
        [XS_TRANSACTION_START] = { "TRANSACTION_START", do_transaction_start },
        [XS_TRANSACTION_END]   = { "TRANSACTION_END",   do_transaction_end },
-       [XS_INTRODUCE]         = { "INTRODUCE",         do_introduce },
-       [XS_RELEASE]           = { "RELEASE",           do_release },
+       [XS_INTRODUCE]         =
+           { "INTRODUCE",     do_introduce,    XS_FLAG_PRIV },
+       [XS_RELEASE]           =
+           { "RELEASE",       do_release,      XS_FLAG_PRIV },
        [XS_GET_DOMAIN_PATH]   = { "GET_DOMAIN_PATH",   do_get_domain_path },
        [XS_WRITE]             = { "WRITE",             do_write },
        [XS_MKDIR]             = { "MKDIR",             do_mkdir },
@@ -1304,9 +1308,11 @@ static struct {
        [XS_WATCH_EVENT]       = { "WATCH_EVENT",       NULL },
        [XS_ERROR]             = { "ERROR",             NULL },
        [XS_IS_DOMAIN_INTRODUCED] =
-                       { "IS_DOMAIN_INTRODUCED", do_is_domain_introduced },
-       [XS_RESUME]            = { "RESUME",            do_resume },
-       [XS_SET_TARGET]        = { "SET_TARGET",        do_set_target },
+           { "IS_DOMAIN_INTRODUCED", do_is_domain_introduced, XS_FLAG_PRIV },
+       [XS_RESUME]            =
+           { "RESUME",        do_resume,       XS_FLAG_PRIV },
+       [XS_SET_TARGET]        =
+           { "SET_TARGET",    do_set_target,   XS_FLAG_PRIV },
        [XS_RESET_WATCHES]     = { "RESET_WATCHES",     do_reset_watches },
        [XS_DIRECTORY_PART]    = { "DIRECTORY_PART",    send_directory_part },
 };
@@ -1334,6 +1340,12 @@ static void process_message(struct connection *conn, 
struct buffered_data *in)
                return;
        }
 
+       if ((wire_funcs[type].flags & XS_FLAG_PRIV) &&
+           domain_is_unprivileged(conn)) {
+               send_error(conn, EACCES);
+               return;
+       }
+
        trans = (wire_funcs[type].flags & XS_FLAG_NOTID)
                ? NULL : transaction_lookup(conn, in->hdr.msg.tx_id);
        if (IS_ERR(trans)) {
diff --git a/tools/xenstore/xenstored_domain.c 
b/tools/xenstore/xenstored_domain.c
index eb1f541188..e25d2c2e53 100644
--- a/tools/xenstore/xenstored_domain.c
+++ b/tools/xenstore/xenstored_domain.c
@@ -385,7 +385,7 @@ int do_introduce(struct connection *conn, struct 
buffered_data *in)
        if (get_strings(in, vec, ARRAY_SIZE(vec)) < ARRAY_SIZE(vec))
                return EINVAL;
 
-       if (domain_is_unprivileged(conn) || !conn->can_write)
+       if (!conn->can_write)
                return EACCES;
 
        domid = atoi(vec[0]);
@@ -453,7 +453,7 @@ int do_set_target(struct connection *conn, struct 
buffered_data *in)
        if (get_strings(in, vec, ARRAY_SIZE(vec)) < ARRAY_SIZE(vec))
                return EINVAL;
 
-       if (domain_is_unprivileged(conn) || !conn->can_write)
+       if (!conn->can_write)
                return EACCES;
 
        domid = atoi(vec[0]);
@@ -488,9 +488,6 @@ static struct domain *onearg_domain(struct connection *conn,
        if (!domid)
                return ERR_PTR(-EINVAL);
 
-       if (domain_is_unprivileged(conn))
-               return ERR_PTR(-EACCES);
-
        return find_connected_domain(domid);
 }
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.10



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.