Xen project Mailing List

Re: Support status of OpenBSD frontend drivers

To: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>

From: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>

Date: Thu, 24 Mar 2022 21:10:57 -0400

Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Xen developer discussion <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Fri, 25 Mar 2022 01:11:18 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 3/24/22 18:21, Marek Marczykowski-Górecki wrote: > On Thu, Mar 24, 2022 at 11:49:14AM -0400, Demi Marie Obenour wrote: >> On 3/24/22 10:11, Roger Pau Monné wrote: >>> On Thu, Mar 24, 2022 at 09:56:29AM -0400, Demi Marie Obenour wrote: >>>> As per private discussion with Theo de Raadt, OpenBSD does not consider >>>> bugs in its xnf(4) that allow a backend to cause mischief to be security >>>> issues. I believe the same applies to its xbf(4). Should the support >>>> document be updated? >>> >>> I think that's already reflected in the support document: >>> >>> 'Status, OpenBSD: Supported, Security support external' >>> >>> Since the security support is external it's my understanding OpenBSD >>> security team gets to decide what's a security issue and what is not. >>> >>> That however creates differences in the level of support offered by >>> the different OSes, but I think that's unavoidable. It's also hard to >>> track the status here because those are external components in >>> separate code bases. >>> >>> Could be added as a mention together with the Windows note about >>> frontends trusting backends, but then I would fear this is likely to >>> get out of sync if OpenBSD ever changes their frontends to support >>> untrusted backends (even if not considered as a security issue). >> >> As a Qubes OS developer, I still think this is useful information and >> should be documented. For instance, if I choose to add proper OpenBSD >> guest support to Qubes OS (as opposed to the current “you can run >> anything in an HVM” situation), I might decide to have OpenBSD >> guests use devices emulated by a Linux-based stubdomain, since the >> stubdomain’s netfront and blkfront drivers *are* security-supported >> against malicious backends. I might also choose to have a warning in >> the GUI when switching the NetVM of an OpenBSD guest to something other >> than the empty string (meaning no network access) or the (normally >> fairly trusted) sys-firewall or sys-whonix qubes. > > I'm with Roger on this - when security support is external, such > information in xen.git could easily become stale. If anything, there > could be a link to OpenBSD security status info, maintained by whoever > such support provides. This ought to be on https://man.openbsd.org/xnf.4 and https://man.openbsd.org/xbf.4, but it is not. Should I send a patch? -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab

Attachment: OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.