[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [qubes-devel] Re: Critique of the Xen Security Process

On Tue, Nov 10, 2015 at 1:09 PM, Lars Kurth <lars.kurth.xen@xxxxxxxxx> wrote:

> On 9 Nov 2015, at 18:15, Wojtek Porczyk <woju@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> On Mon, Nov 09, 2015 at 04:31:58PM +0000, Franz wrote:
>> Perhaps a way out of this impasse is to put bounties on Xen security tasks
>> identified by Joanna and properly advertise these bounties to Xen users.
>> [snip]
> This is fundamentaly wrong idea. Security isn't something you can
> "apply" or put bounty on. It's a state of the mind, especcialy
> developer's.

I don't think this was what was proposed. What was proposed, if I understood correctly, was to use funds to sponsor solutions to specific problems in specific areas of code that have been developed in the past and where we may have issues due to past mistakes.

Yes Lars of course, and also changing mindset has real costs, because a more security oriented mindset involves some additional work, some hard thinking, some additional study, something already done that needs recoding etc. I mean it is not simply an act of will, rather a targeted effort. A security mindset is slowing developing in the whole society and I see Qubes developers as the more advanced front. The reality is changing fast. A serious bug in Xen practically means that all my passwords can be stolen from my no-network VM or even more seriously that the life of an activist can be compromised. These facts are dramatic or tragic and the situation is constantly and fast worsening. So nobody is guilty for 7 years old code developed in a different situation, but the same Joanna words are totally justified and welcome. We have to face reality and take action. From my point of view It is a matter of educating those who pay, for that I offered to write some copywriting.
> Joanna wrote in her mail:
>>>> I can't help but have a feeling that some of the Xen developers seem to be
>>>> overconfident in their belief they can fully understand all the possible
>>>> execution paths in their code. Well, the XSAs quoted above are an indisputable
>>>> prove that this is not quite always the case. Realizing that, each developer by
>>>> themselves, might be a great step towards a more secure hypervisor...
> And that's why we can't just "submit a patch" to "contribute security".

Although I agree that you can't submit a patch to fix security, it is possible to focus on some areas you care about and lead by example. In particular, if you believe that there is a mindset problem today. I think, you do also need to distinguish between what was happening in the past and what the project does today. There is little point to complain about what developers, who now don't work on Xen any more, did in the past. In particular, as the vast majority of active developers in the project were not around 6-7 years ago.

> There is something wrong with Xen as a whole project, but that something
> isn't the code. There is a mindset to be fixed.

I think this is a rather generalising statement, and maybe it would be more fruitful to focus on some concrete areas that can be improved. I also believe, that there has been a significant shift in mindset in many areas in the project in the last few years.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.