[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] QEMU "drive_init()" Disk Format Security Bypass

To: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
From: Markus Armbruster <armbru@xxxxxxxxxx>
Date: Fri, 30 May 2008 11:00:02 +0200
Cc: Eren TÃrkay <turkay.eren@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 30 May 2008 02:00:36 -0700
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

I'm looking at xen-unstable cset 17606 and 17646.  If I understand
your patches correctly, you attack the security problem in two places:

(1) make format probing never return raw, and

(2) provide means to specify the format explicitly, bypassing probing.

You put (2) in xenstore_parse_domain_config().  I can see how that
works for block devices defined in the domain configuration.  But what
about USB disks?  I created a guest with the following settings:

    usb = 1
    usbdevice = "disk:/var/lib/xen/images/usbkey.img"

This duly started qemu with arguments

    -usb -usbdevice disk:/var/lib/xen/images/usbkey.img

The -usbdevice argument is ultimately processed by usb_device_add(),
which calls usb_msd_init() to do the real work.  I think we get (1),
but not (2) there, i.e. your change breaks raw format USB disks.

Monitor command "usb_add" also runs usb_device_add(), so it should
have the same problem.

I suspect monitor command "change" has the same problem, too.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH] QEMU "drive_init()" Disk Format Security Bypass
  - From: Ian Jackson

References:
- [Xen-devel] QEMU "drive_init()" Disk Format Security Bypass
  - From: Eren TÃrkay
- Re: [Xen-devel] QEMU "drive_init()" Disk Format Security Bypass
  - From: Ian Jackson
- Re: [Xen-devel] QEMU "drive_init()" Disk Format Security Bypass
  - From: Daniel P. Berrange
- Re: [Xen-devel] QEMU "drive_init()" Disk Format Security Bypass
  - From: Ian Jackson
- Re: [Xen-devel] QEMU "drive_init()" Disk Format Security Bypass
  - From: Daniel P. Berrange
- Re: [Xen-devel] QEMU "drive_init()" Disk Format Security Bypass
  - From: Ian Jackson
- Re: [Xen-devel] QEMU "drive_init()" Disk Format Security Bypass
  - From: Daniel P. Berrange
- [Xen-devel] [PATCH] QEMU "drive_init()" Disk Format Security Bypass
  - From: Ian Jackson
- Re: [Xen-devel] [PATCH] QEMU "drive_init()" Disk Format Security Bypass
  - From: Ian Jackson

Prev by Date: [Xen-devel] Re: [bisected] Re: [PATCH 05 of 12] xen: add p2m mfn_list_list
Next by Date: Re: [Xen-devel] is it possible to build two privileged domain at boot time?
Previous by thread: Re: [Xen-devel] [PATCH] QEMU "drive_init()" Disk Format Security Bypass
Next by thread: Re: [Xen-devel] [PATCH] QEMU "drive_init()" Disk Format Security Bypass
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.