[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xen Security Advisory 180 (CVE-2014-3672) - Unrestricted qemu logging

To: Xen.org security team <security@xxxxxxx>
From: George Dunlap <george.dunlap@xxxxxxxxxx>
Date: Wed, 25 May 2016 15:04:40 +0100
Cc: "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>
Delivery-date: Wed, 25 May 2016 14:05:00 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Mon, May 23, 2016 at 6:09 PM, Xen.org security team <security@xxxxxxx> wrote:
> RESOLUTION
> ==========
>
> Applying the appropriate attached patch resolves this issue.
>
> The patches adopt a simple and rather crude approach which is
> effective at resolving the security issue in the context of a Xen
> device model.  They may not be appropriate for adoption upstream or in
> other contexts.

This is indeed a rather crude approach; but for our upcoming 4.7
release, what's the plan?  Do we have time to generalize xenconsoled
to handle this sort of logging, and if so, who is going to do that
work?

 -George

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] Xen Security Advisory 180 (CVE-2014-3672) - Unrestricted qemu logging
  - From: Wei Liu

References:
- [Xen-devel] Xen Security Advisory 180 (CVE-2014-3672) - Unrestricted qemu logging
  - From: Xen . org security team

Prev by Date: Re: [Xen-devel] [PATCH 2/4] xen/arm: Make AFFINITY_MASK generate correct mask for level3
Next by Date: Re: [Xen-devel] [for-4.7 1/2] xen: XENMEM_add_physmap_batch: Mark 'foreign_id' as reserved for dev_mmio
Previous by thread: [Xen-devel] Xen Security Advisory 180 (CVE-2014-3672) - Unrestricted qemu logging
Next by thread: Re: [Xen-devel] Xen Security Advisory 180 (CVE-2014-3672) - Unrestricted qemu logging
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.