Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration

[Keir Fraser <keir.fraser@xxxxxxxxxxxxx>]

On 2/10/08 11:21, "Ian Jackson" <Ian.Jackson@xxxxxxxxxxxxx> wrote:

>> writing into device allows the guest to rewrite it's backend
>> location, this should be protected too i guess ?
> 
> We will arrange for the backend location not to be trusted by anything
> important.  In fact, it is entirely formulaic: if you know which
> domain the backend is supposed to be in, you can simply shuffle the
> path components.  And you can double check against the backend's
> frontend path.

If you know the backend domid this works great. You don't need to check
anything in this case. If you try to validate the frontend's backend
reference then that's hard: strictly speaking you can only trust the
/local/domain/0 path prefix since otherwise two domains could collude to
redirect you to a backend directory under their control (or a domain could
point you at a 'backend directory' under its own path prefix, for example).
So this approach really only works for backends known to be in dom0 (which
of course is true for the vast majority of Xen installations). Hence xend is
storing the backend path under /vm where it's safe. Equally it could store
only the backend-id and construct the backend path from that.

 -- Keir



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel