
Re: [Xen-devel] [PATCH 8/8] libelf: safety: Document safety principles in header file



> On Dec 16, 2016, at 12:43 AM, Jan Beulich <JBeulich@xxxxxxxx> wrote:
> 
>>>> On 09.12.16 at 16:44, <ian.jackson@xxxxxxxxxxxxx> wrote:
>> + *  - Any loop needs to be accompanied by calls to elf_iter_ok (or
>> + *    elf_iter_ok_counted).
>> + *
>> + *        Rationale: the image must not be able to cause libelf to do
>> + *        unbounded work (ie, get stuck in a loop).
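Review bot: The rule "Any loop needs to be accompanied by calls to elf_iter_ok (or elf_iter_ok_counted)" does not say where the call goes or what the loop must do with its result, so a loop that makes the call once, or makes it and ignores the result, satisfies the wording and is still unbounded. Suggest stating that the call is made on every iteration and that the loop exits when the check fails, and adding a line on when elf_iter_ok_counted is the variant to use. Minor: "ie" in the rationale reads better as "i.e.".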
> 
> As expressed before, I'm not convinced library code should be
> concerned about caller restrictions.

People designing toolstacks that call this function are likely to be thinking 
about domains and things, not, “What happens if I get a rogue elf image that 
causes this function to run forever?”  I think if we can prevent libelf-source 
DoS bugs in all toolstacks that rely on libxl, then it makes sense to do so.

 -George
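
The point under discussion, bounding the work an untrusted image can make a parsing loop do, shown as an added example that is not part of this thread or of libelf. The names `img_ctx`, `iter_ok`, `count_records` and the one-byte record format are hypothetical, and the budget of 16 plus the image size is an assumption chosen for the sample.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical parser state (not libelf's): one work budget per image. */
struct img_ctx {
    const uint8_t *data;   /* untrusted image bytes */
    size_t size;
    uint64_t iters_left;   /* loop iterations the image may still consume */
};

/* Called once per loop iteration; false means stop and reject the image. */
static bool iter_ok(struct img_ctx *c)
{
    if (c->iters_left == 0)
        return false;
    c->iters_left--;
    return true;
}

/* Constructed format: byte 0 of each record is the offset of the next
 * record, 0 ends the chain. Returns the count, or -1 if the budget is
 * spent (cycle, oversized chain) or a link points out of bounds. */
static int count_records(struct img_ctx *c, size_t first)
{
    int n = 0;
    for (size_t off = first; off != 0; off = c->data[off]) {
        if (!iter_ok(c) || off >= c->size)
            return -1;
        n++;
    }
    return n;
}

/* Constructed inputs: a chain that ends, and one whose last link loops back. */
static const uint8_t good_img[] = { 0, 2, 3, 0 };   /* 1 -> 2 -> 3 -> end */
static const uint8_t evil_img[] = { 0, 2, 3, 1 };   /* 1 -> 2 -> 3 -> 1 ... */

static int parse(const uint8_t *img, size_t size)
{
    /* Budget scales with image size, so a well-formed image never hits it. */
    struct img_ctx c = { img, size, 16 + size };
    return count_records(&c, 1);
}

int main(void)
{
    printf("good=%d evil=%d\n", parse(good_img, sizeof good_img),
           parse(evil_img, sizeof evil_img));
}
```

Without the `iter_ok` call the second image would keep the loop running indefinitely in whichever toolstack process called the parser.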