[xen stable-4.13] tools/ocaml/xenstored: check privilege for XS_IS_DOMAIN_INTRODUCED
commit b6939685484deef2b4fcdd5ca2084980544b55e4 Author: Edwin Török <edvin.torok@xxxxxxxxxx> AuthorDate: Tue Dec 15 14:19:28 2020 +0100 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Tue Dec 15 14:19:28 2020 +0100 tools/ocaml/xenstored: check privilege for XS_IS_DOMAIN_INTRODUCED The Xenstore command XS_IS_DOMAIN_INTRODUCED should be possible for privileged domains only (the only user in the tree is the xenpaging daemon). This is part of XSA-115. Signed-off-by: Edwin Török <edvin.torok@xxxxxxxxxx> Acked-by: Christian Lindig <christian.lindig@xxxxxxxxxx> Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> --- tools/ocaml/xenstored/process.ml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tools/ocaml/xenstored/process.ml b/tools/ocaml/xenstored/process.ml index 2fa6798e3b..fd79ef564f 100644 --- a/tools/ocaml/xenstored/process.ml +++ b/tools/ocaml/xenstored/process.ml @@ -166,7 +166,9 @@ let do_setperms con t _domains _cons data = let do_error _con _t _domains _cons _data = raise Define.Unknown_operation -let do_isintroduced _con _t domains _cons data = +let do_isintroduced con _t domains _cons data = + if not (Connection.is_dom0 con) + then raise Define.Permission_denied; let domid = match (split None '\000' data) with | domid :: _ -> int_of_string domid -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13
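Review bot: the check added at the top of do_isintroduced tests `Connection.is_dom0 con`, while the commit message describes the command as allowed for "privileged domains" in general. If is_dom0 is meant to cover every privileged connection, a one-line comment above the check saying so would help; if it means dom0 only, the message and the code disagree and one of them should be adjusted. It would also be worth a short comment noting why the operation is restricted (the message names xenpaging as the only in-tree user), since the function name alone does not suggest a privileged operation. Placing the check before the `split None '\000' data` parsing is the right order, because unprivileged callers are rejected before `int_of_string domid` ever sees their input.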