
Re: [Xen-devel] [PATCH v6 08/24] xsplice: Add helper elf routines

Andrew Cooper writes ("Re: [PATCH v6 08/24] xsplice: Add helper elf routines"):
> On 07/04/16 17:19, Ian Jackson wrote:
> > My understanding of this is that the purpose of this machinery is to
> > supply binary runtime patches to the hypervisor.  So I think someone
> > who can inject malicious xsplice payloads can already control the
> > host.  Is that right?
> Correct.

OK, good, then from my point of view:

Acked-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>

> > It might be worth mentioning somewhere that this loader must not be
> > used for xsplice payloads for guest kernels.
> I don't see how this is related.  If the host admin wanted to patch
> guest kernels without using the kernel's internal self-patching
> mechanism, it would be infinitely easier to do the patching from dom0,
> using toolstack mapping powers.

Well, maybe.  I was worried about someone trying to make this ELF
xsplice code dynamically patch a guest kernel at load time.  That
might seem like a convenient idea to them.  But if you think it's not
likely, then fine.

