[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Backport request "libxl: In libxl_set_vcpuonline check for maximum number of VCPUs against the cpumap." (Was: Re: [Bug report] Security issue in "xl vcpu-set")
On Mon, 2015-06-08 at 11:35 +0100, Ian Jackson wrote: > Luwei Cheng writes ("Re: Backport request "libxl: In libxl_set_vcpuonline > check for maximum number of VCPUs against the cpumap." (Was: Re: [Bug report] > Security issue in "xl vcpu-set")"): > > Some third-part management tools might be built directly above xl. > > Perhaps they can not rely on "Ctrl-C".. > > In general callers of libxl will not be built to raise SIGINT. For > example, if libvirt called this function in a way that triggers the > bug, there wouldn't be any reasonable way to recover control. > > I'm afraid I'm still not clear about when the failure can be triggered > by an attacker. I was able to reproduce by pressing a key at a pygrub prompt to drop to a prompt and then leaving the guest in that state, where the domain exists but does not yet have any vcpus etc. Ian. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |