[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 8/8] libelf: safety: Document safety principles in header file

To: George Dunlap <George.Dunlap@xxxxxxxxxx>
From: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
Date: Fri, 16 Dec 2016 11:33:52 +0000
Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>, "Tim \(Xen.org\)" <tim@xxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
Delivery-date: Fri, 16 Dec 2016 11:34:05 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

George Dunlap writes ("Re: [PATCH 8/8] libelf: safety: Document safety 
principles in header file"):
> > On Dec 16, 2016, at 12:43 AM, Jan Beulich <JBeulich@xxxxxxxx> wrote:
> > As expressed before, I'm not convinced library code should be
> > concerned about caller restrictions.

I'm not sure what you mean by "caller restrictions".  This is a rule
that applies inside libelf.  Can you explain ?

Assuming you mean what George seems to think you meant:

> People designing toolstacks that call this function are likely to be thinking 
> about domains and things, not, “What happens if I get a rogue elf image that 
> causes this function to run forever?”  I think if we can prevent 
> libelf-source DoS bugs in all toolstacks that rely on libxl, then it makes 
> sense to do so.

I think in fact the only caller of libelf is libxc.  I doubt we have
out-of-tree callers, but I could be wrong of course.

But that doesn't change the underlying point, which I agree with:
callers of any library should be given information on how to use it
safely.

Our libelf does not have a 100% opaque interface for its callers.  For
example, the state struct is transparent, and the multiple entry
points are not entirely clearly set out.

If it did have a more formally defined and opaque interface, then much
of what is currently in libelf.h (including this comment) would be in
libelf-private.h instead.

Thanks,
Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 8/8] libelf: safety: Document safety principles in header file
  - From: Jan Beulich

References:
- Re: [Xen-devel] [PATCH] libelf: Fix div0 issues in elf_{shdr, phdr}_count()
  - From: Ian Jackson
- [Xen-devel] [PATCH 0/8] libelf: safety enhancements
  - From: Ian Jackson
- [Xen-devel] [PATCH 8/8] libelf: safety: Document safety principles in header file
  - From: Ian Jackson
- Re: [Xen-devel] [PATCH 8/8] libelf: safety: Document safety principles in header file
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH 8/8] libelf: safety: Document safety principles in header file
  - From: George Dunlap

Prev by Date: Re: [Xen-devel] [PATCH v4 01/14] xen/x86: remove XENFEAT_hvm_pirqs for PVHv2 guests
Next by Date: Re: [Xen-devel] [PATCH 8/8] libelf: safety: Document safety principles in header file
Previous by thread: Re: [Xen-devel] [PATCH 8/8] libelf: safety: Document safety principles in header file
Next by thread: Re: [Xen-devel] [PATCH 8/8] libelf: safety: Document safety principles in header file
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.