Xen project Mailing List

Re: [Xen-devel] Xen Security Advisory 99 - unexpected pitfall in xenaccess API

To: Ian Campbell <Ian.Campbell@xxxxxxxxxx>

From: Andres Lagar Cavilla <andres@xxxxxxxxxxxxxxxx>

Date: Tue, 17 Jun 2014 07:01:40 -0700

Cc: security@xxxxxxx, xen-devel@xxxxxxxxxxxxx

Delivery-date: Tue, 17 Jun 2014 14:01:47 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Tue, Jun 17, 2014 at 6:57 AM, Ian Campbell <Ian.Campbell@xxxxxxxxxx> wrote:

(dropping announce lists)

On Tue, 2014-06-17 at 06:50 -0700, Andres Lagar Cavilla wrote:

> The helper would have been thrown off balance, and failed to audit
> something at worst. Maybe this means a security problem down the line
> for that helper toolchain, but outside the purview of the hypervisor.

The purpose of this advisory was to provide a heads up to the authors of
those toolchains so that they could check for such issues in their code.

I think you need to reread the advisory, especially the IMPACT and
VULNERABLE SYSTEMS sections, which I think make it pretty clear that the
issue is 3rd party consumers of the xenaccess API which may have
inadvertently implemented vulnerable code by following the example.

And in the end the small window is fixed by the patch, so there is a degree of futility to my persistence.

> I see how helpers may be thrown totally off balance. I see self-DoS,
> but still do not see privilege escalation happening.

We don't know what people have implemented using these mechanisms. Are
you so confident that you can completely rule it out for 100% of those
use cases?

Never 100% of course.Â

The right thing for us to do was to warn people, so that is what we have
done.

Fair enough.

Thanks

Andres

Ian.

_______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel