[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] QEMU "drive_init()" Disk Format Security Bypass
Markus Armbruster writes ("Re: [Xen-devel] [PATCH] QEMU "drive_init()" Disk Format Security Bypass"): > I'm looking at xen-unstable cset 17606 and 17646. If I understand > your patches correctly, you attack the security problem in two places: > > (1) make format probing never return raw, and Right. That's a safety catch so that there's no vulnerability in any cases I missed, of which I was definitely expecting some. > (2) provide means to specify the format explicitly, bypassing probing. > > You put (2) in xenstore_parse_domain_config(). I can see how that > works for block devices defined in the domain configuration. But what > about USB disks? I created a guest with the following settings: ... > The -usbdevice argument is ultimately processed by usb_device_add(), > which calls usb_msd_init() to do the real work. I think we get (1), > but not (2) there, i.e. your change breaks raw format USB disks. That's quite likely. I hadn't spotted that separate arrangement. The best thing to do would be probably be to cross-port the format parameter code which upstream have introduced in this area to (mostly) fix the bug in their version. I'll look into it. Ian. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |