[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Support status of OpenBSD frontend drivers


  • To: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Thu, 24 Mar 2022 15:11:39 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=HQ3TbiWijUITJ4G2k4Wite5laUI4aZ4/ZPZxreiWpuU=; b=j18CMYtg0/oqOhz47gGuUNA7xkNX5m8yDxLkX3nSJAlE16DoRY6qdm/WQO7EMZtm/d307Oex7q0R94BaSPuKaioJ/i+0jXMjDGSx3/CGup5c8p93J7e+PuEq295uIArtOcbjOIdj+6urSzz3CUDQL57tZIejTQKDk+k6HcXIO64rpu+dEeGqaXxRNpPZ7nMaEEgCD33Njflb8E/EN518BbUL2S3PwVPk9oL9XEjgkJuW2mI7uUjfbluycwrKWryYyzfrGKswJYen3E7wPK0WgQCr5sz25pQwkrxsyLix+cQbCbdwB8E5K/+lQlsdfVJX7TvftMZdrsfSNcRF+pZQmA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MfUa+G0FPBTcmPxcFgZUfbo/XJvn5nO5AgODXUja4ug/6228nyRAnaqbzLga5JclYc4NCcoGUS4A6fma4LSXkb4MONxA+W/b8POi7tS+Mq9TmQayojado01RglctSSWVfGwsd+jTeMYIFnb8Ya7uoDrn+NplTF14AV1UGZhHj3dAgTcw546Uwwp+1JWpX412boUQd8/zrTEWEGP+dXRhSeZZLF1tkvxdE2AJrOfpjw30IyrxkAm7UyzScD+ieRgU0FkDv/w3xKPLFunkXu9kjSmjLWQaQH2tuJVwhD/OGi4qXyo9Zcv8MD48zhXBv0eMmxe5epMjMDe7GO+smDkQlg==
  • Authentication-results: esa5.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: Xen developer discussion <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Thu, 24 Mar 2022 14:12:07 +0000
  • Ironport-data: A9a23:Uu2q8KMTKER0JZ3vrR2vl8FynXyQoLVcMsEvi/4bfWQNrUom0TACy TYZX2/XMvyINGWhfI8kaY/noxxTupTVmtdkTQto+SlhQUwRpJueD7x1DKtR0wB+jCHnZBg6h ynLQoCYdKjYdleF+lH1dOKJQUBUjclkfJKlYAL/En03FFcMpBsJ00o5wbZi2NIw27BVPivW0 T/Mi5yHULOa82Yc3lI8s8pvfzs24ZweEBtB1rAPTagjUG32zhH5P7pGTU2FFFPqQ5E8IwKPb 72rIIdVXI/u10xF5tuNyt4Xe6CRK1LYFVDmZnF+A8BOjvXez8CbP2lS2Pc0MC9qZzu1c99Z9 PZziY6vTRoTPoLKusEefjZFTi9VBPgTkFPHCSDXXc27ykTHdz3nwul0DVFwNoodkgp1KTgQr 7pCcmlLN03dwbLtqF64YrAEasALNs7kMZlZonh95TrYEewnUdbIRKCiCdpwgmlt3JkQQqa2i 8wxZiNxRRfGaB5zHmwMV7cPg/6tlmTOfGgNwL6SjfVuuDWCpOBr65D9PdyQdtGUSMF9mkeDu nmA72n/GgsdNtGU1XyC6H3EruPCmCLTWYQMFaa5/PpnnF2SwGMIDBQcE1C8pJGEZlWWAowFb RZOo2x38PZ0pBfDosTBswOQnF26ggwDX8dqE8I8yiSO54XJvgiyPz1RJtJeU+AOuMgzTD0s8 1aGmdL1GDBi2IGopWKhGqS89m3rZ3VMRYMWTWpdFFZevYG/yG0mpkiXJuuPBpJZmTEc9dvY5 zmR5BYziLwI5SLg//XqpAuX695AS3Wgc+LU2uk1dj/9hu+aTNT8D2BN1bQ9xawfRGp+ZgPd1 EXoY+DEsIgz4WilzURhutklErCz/OqiOzbBm1NpFJRJ323zpy77I9gAu28meRcB3iM4ldnBO h+7VeR5vsI7AZdXRfUvP9LZ5zoCk8AM6ugJptiLN4ETM/CdhSeM/T10ZF744oweuBNErE3LA r/CKZzEJS9DUcxPlWPqL89Age5D7n1vngv7GMGkpylLJJLDPRZ5v59eawDQBg34hYvZyDjoH yF3a5TbkUkOAbeiCsQVmKZKRW03wbEALcmeg+Rcd/KZIxogH2ckCvTLxqgmdZAjlKNQ/tokN FngMqOE4DITXUH6FDg=
  • Ironport-hdrordr: A9a23:WehKmKEl8+734JrOpLqFBpHXdLJyesId70hD6qkvc3Jom52j+P xGws526faVslYssHFJo6HnBEClewKgyXcV2/hqAV7GZmjbUQSTXeRfBOfZslnd8mjFh5JgPM RbAtlD4b/LfCBHZK/BiWHSebtQo6jkzEnrv5ak854Ed3AVV0gK1XYBNu/0KDwQeOEQbqBJa6 Z0q/A37waISDAyVICWF3MFV+/Mq5nik4/nWwcPA1oC5BOVhT2lxbbmG1zAty1uGQ9n8PMHyy zoggb57qKsv7WSzQLd7Xba69BzlMH6wtVOKcSQgow+KynqiCyveIN9Mofy9wwdkaWK0hIHgd PMqxAvM4Ba7G7QRHi8pV/X1wzpwF8Vmgjf4G7dpUGmjd3yRTo8BcYEr5leaAHl500pu8w5+L 5X3kqC3qAnQi/orWDY3ZzlRhtqnk27rT4JiugIlUFSVoMYdft4sZEfxkVIC50NdRiKpLzPKN MeTf002cwmMW9zNxvizypSKZ2XLzkO9y69MwY/Upf/6UkVoJh7p3FosPD30E1wsa7VcKM0lN gsAp4Y5I2mcfVmH56VJN1xN/dfWVa9CC4lDgqpUCHa/ec8Sjbwl6I=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Thu, Mar 24, 2022 at 09:56:29AM -0400, Demi Marie Obenour wrote:
> As per private discussion with Theo de Raadt, OpenBSD does not consider
> bugs in its xnf(4) that allow a backend to cause mischief to be security
> issues.  I believe the same applies to its xbf(4).  Should the support
> document be updated?

I think that's already reflected in the support document:

'Status, OpenBSD: Supported, Security support external'

Since the security support is external it's my understanding OpenBSD
security team gets to decide what's a security issue and what is not.

That however creates differences in the level of support offered by
the different OSes, but I think that's unavoidable. It's also hard to
track the status here because those are external components in
separate code bases.

Could be added as a mention together with the Windows note about
frontends trusting backends, but then I would fear this is likely to
get out of sync if OpenBSD ever changes their frontends to support
untrusted backends (even if not considered as a security issue).

Thanks, Roger.



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.