[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen staging-4.10] tools/ocaml/xenstored: check privilege for XS_IS_DOMAIN_INTRODUCED
commit 59dc712c72076fb778659aaba40da5d623fe8ee1 Author: Edwin Török <edvin.torok@xxxxxxxxxx> AuthorDate: Tue Dec 15 14:43:49 2020 +0100 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Tue Dec 15 14:43:49 2020 +0100 tools/ocaml/xenstored: check privilege for XS_IS_DOMAIN_INTRODUCED The Xenstore command XS_IS_DOMAIN_INTRODUCED should be possible for privileged domains only (the only user in the tree is the xenpaging daemon). This is part of XSA-115. Signed-off-by: Edwin Török <edvin.torok@xxxxxxxxxx> Acked-by: Christian Lindig <christian.lindig@xxxxxxxxxx> Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> --- tools/ocaml/xenstored/process.ml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tools/ocaml/xenstored/process.ml b/tools/ocaml/xenstored/process.ml index 0a0e43d1f0..f374abe998 100644 --- a/tools/ocaml/xenstored/process.ml +++ b/tools/ocaml/xenstored/process.ml @@ -166,7 +166,9 @@ let do_setperms con t domains cons data = let do_error con t domains cons data = raise Define.Unknown_operation -let do_isintroduced con t domains cons data = +let do_isintroduced con _t domains _cons data = + if not (Connection.is_dom0 con) + then raise Define.Permission_denied; let domid = match (split None '\000' data) with | domid :: _ -> int_of_string domid -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.10
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |