[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] stubdom questions
Jan Beulich writes ("Re: [Xen-devel] stubdom questions"): > On 09.11.10 at 18:00, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> wrote: > > Yes, this is intentional. We don't want to update these unless > > necessary, really. > > So even security problems fixed in upstream packages are deemed > to be of no concern (or if they are, need to be handled manually by > adding patches)? The libraries underlying stubdom aren't exposed directly to hostile data; they communicate only with the qemu in stubdom, and dom0. Communication with the untrusted guest is done by the qemu code. Furthermore, the stubdom itself is supposed to be no more trusted than the guest it is servicing. So I think in theory almost all security bugs in these libraries should be unexploitable in the stubdom context. If you could point to a counterexample that would be very interesting. > > The stubdom build system is a bit of a mess, unfortunately. > > Are there intentions to get this cleaned up? In the long term yes, but I don't think we have it as a priority. Ian. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |