
Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver

>> The tools hook is not just a usability/conformity check. The check
>> ensures that the tools will not set up entries in xenstore that would
>> allow blkback to create a non-conformant vbd. So there is no way for a
>> guest to trick blkback into creating a non-conformant vbd: it can only
>> connect to vbds specified in its config file or added later via the
>> vbd-add xm hotplug command. The tools stack should perform its
>> compliance checks on both 'xm create' and 'xm vbd-add', and that should
>> be sufficient.
>My concern is that security is now relying on the correctness of all code
>that can write to the xenstore.  The quantity of code that does this will
>likely continue to grow, and even include third party tools.  If any of
>this code attaches a vbd to a domain without performing a security check,
>then the security would be bypassed.

There's still a major dependency on xenstore; it's pretty much part of the
TCB at present. I know some folks have been thinking about how to 'secure' 
it more comprehensively while allowing integration with whatever ACM 
policy is in force. I think this is a more promising approach than an ad 
hoc extra check in blkback. 


