
Re: [Xen-devel] [PATCH] xenstored: allow guests to reintroduce themselves

On 09/08/2011 11:50, "Vincent Hanquez" <vincent.hanquez@xxxxxxxxxxxxx> wrote:

> On 08/09/2011 11:14 AM, Keir Fraser wrote:
>> On 09/08/2011 11:08, "Vincent Hanquez"<vincent.hanquez@xxxxxxxxxxxxx>
>> wrote:
>>>> xenstored: allow guests to reintroduce themselves
>>>> During kexec all old watches have to be removed, otherwise the new
>>>> kernel will receive unexpected events. Allow a guest to introduce itself
>>>> and clean up all of its watches.
>>> What about security-wise?
>>> Guest userspace suddenly becomes able to do this operation (and DoS
>>> themselves)
>>> where they used to be limited to normal read/write/.. operations.
>> Guest userspace can already DoS the guest if it has access to xenstore, by
>> messing with xenbus I/O connections, for example.
> How so?
> It seems we validate userspace packets (at least on Linux) before actually
> putting them on the ring.

I don't believe we filter which nodes can be written by userspace. So it can
just mess with things like the frontend connection state node for
block/network connections, or whatever. Be imaginative -- there's no doubt
lots of scope for screwing up xenbus connections by fooling around with the
frontend state. If userspace connections to xenbus were not trusted, we'd
need a lot more filtering than we have.

 -- Keir
