[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v6 08/24] xsplice: Add helper elf routines

To: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
From: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Date: Thu, 7 Apr 2016 17:19:37 +0100
Cc: Keir Fraser <keir@xxxxxxx>, andrew.cooper3@xxxxxxxxxx, Tim Deegan <tim@xxxxxxx>, mpohlack@xxxxxxxxx, ross.lagerwall@xxxxxxxxxx, Jan Beulich <jbeulich@xxxxxxxx>, sasha.levin@xxxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 07 Apr 2016 16:34:04 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

Konrad Rzeszutek Wilk writes ("[PATCH v6 08/24] xsplice: Add helper elf 
routines"):
> From: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
> 
> Add Elf routines and data structures in preparation for loading an
> xSplice payload.
> 
> We make an assumption that the max number of sections an ELF payload
> can have is 64. We can in future make this be dependent on the
> names of the sections and verifying against a list, but for right now
> this suffices.
> 
> Also we a whole lot of checks to make sure that the ELF payload
> file is not corrupted nor that the offsets point past the file.

This is good, but: ideally I would like to avoid conducting a detailed
security review of this code.

My understanding of this is that the purpose of this machinery is to
supply binary runtime patches to the hypervisor.  So I think someone
who can inject malicious xsplice payloads can already control the
host.  Is that right ?

If so then bugs in this loader cannot be any security impact.

It might be worth mentioning somewhere that this loader must not be
used for xsplice payloads for guest kernels.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v6 08/24] xsplice: Add helper elf routines
  - From: Konrad Rzeszutek Wilk
- Re: [Xen-devel] [PATCH v6 08/24] xsplice: Add helper elf routines
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH v6 08/24] xsplice: Add helper elf routines
  - From: Jan Beulich

References:
- [Xen-devel] [PATCH v6] xSplice v1 design and implementation.
  - From: Konrad Rzeszutek Wilk
- [Xen-devel] [PATCH v6 08/24] xsplice: Add helper elf routines
  - From: Konrad Rzeszutek Wilk

Prev by Date: [Xen-devel] [PATCH] tools: handle xl migrate --debug in legacy stream
Next by Date: Re: [Xen-devel] [PATCH v6 01/24] xsplice: Design document
Previous by thread: [Xen-devel] [PATCH v6 08/24] xsplice: Add helper elf routines
Next by thread: Re: [Xen-devel] [PATCH v6 08/24] xsplice: Add helper elf routines
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.