
Re: Security support status of xnf(4) and xbf(4)


  • To: Chris Cappuccio <chris@xxxxxxxxxx>, Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Fri, 25 Mar 2022 23:50:24 +0000
  • Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Xen developer discussion <xen-devel@xxxxxxxxxxxxxxxxxxxx>, OpenBSD technical mailing list <tech@xxxxxxxxxxx>
  • Delivery-date: Fri, 25 Mar 2022 23:50:42 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-topic: Security support status of xnf(4) and xbf(4)

On 25/03/2022 22:42, Chris Cappuccio wrote:
> Demi Marie Obenour [demi@xxxxxxxxxxxxxxxxxxxxxx] wrote:
>> Linux's netfront and blkfront drivers recently had a security
>> vulnerability (XSA-396) that allowed a malicious backend to potentially
>> compromise them.  In follow-up audits, I found that OpenBSD's xnf(4)
>> currently trusts the backend domain.  I reported this privately to Theo
>> de Raadt, who indicated that OpenBSD does not consider this to be a
>> security concern.
>>
> A malicious backend could completely compromise the virtual host in an
> infinite number of ways.

Xen PV front/back pairs have had far better security
properties/guarantees for longer than virtio has existed.  Under the Xen
architecture, the backend has never had the ability to "DMA" to areas
which aren't explicitly permitted by the frontend.

If a frontend handles its grants correctly, then it need only trust Xen
but not the backend for any problems beyond "backend refuses to transmit
data".

The backend can of course cease transmitting data.  That's mitigated
with market pressures of "OK I'll take my credit card elsewhere".  Data
integrity issues can be mitigated by using encryption techniques.

With the advent of encrypted VM technologies (AMD SEV-SNP, Intel TXT)
the VM need not trust Xen any further than "will continue to schedule
you" which equally is mitigated with market pressures related to money.

~Andrew
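An added illustration of the point above that a frontend which "handles its grants correctly" need not trust the backend. This is a simplified model written for this page, not Xen, Linux or OpenBSD driver code: a frontend owns a fixed set of granted receive buffers, and everything the backend writes into the shared ring (the slot id and the byte count) is treated as untrusted and bounded by the frontend's own bookkeeping. The xf_* names, the struct layouts and the 4096-byte slot size are assumptions of the model, not the Xen ring ABI.

```c
/*
 * Constructed model of a Xen PV frontend receive path (not real driver code).
 * The frontend alone decides which pages are granted and how large they are;
 * the backend can only fill those pages and post a response. Every response
 * field is validated against frontend-owned state before it is acted on.
 */
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stddef.h>

#define XF_RING_SIZE   8        /* number of rx slots the frontend grants   */
#define XF_SLOT_BYTES  4096     /* size of each granted buffer (assumed)    */

/* Frontend-side record of one granted slot. Only the frontend writes this. */
struct xf_slot {
    uint8_t  buf[XF_SLOT_BYTES];
    bool     granted;           /* grant currently handed to the backend    */
};

/* Response the backend writes into the shared ring: entirely untrusted. */
struct xf_rx_resp {
    uint16_t id;                /* slot the backend claims it filled        */
    int16_t  status;            /* bytes written, or negative on error      */
};

struct xf_frontend {
    struct xf_slot slots[XF_RING_SIZE];
    size_t   delivered_bytes;   /* payload accepted so far                  */
    size_t   rejected;          /* responses dropped as invalid             */
};

/* Grant every slot to the backend, as a frontend does at ring setup. */
void xf_init(struct xf_frontend *fe)
{
    memset(fe, 0, sizeof *fe);
    for (size_t i = 0; i < XF_RING_SIZE; i++)
        fe->slots[i].granted = true;
}

/*
 * Consume one backend response. Returns the number of payload bytes accepted
 * (0 for a backend-reported error) or -1 if the response was rejected.
 * The checks are the "handles its grants correctly" part: the backend cannot
 * name a slot the frontend never granted, cannot complete the same slot
 * twice, and cannot claim more bytes than the granted page holds.
 */
int xf_handle_rx(struct xf_frontend *fe, const struct xf_rx_resp *r)
{
    /* Copy the fields once: the ring is shared memory the backend can
     * rewrite between our reads, so never re-read them from the ring. */
    uint16_t id     = r->id;
    int16_t  status = r->status;

    if (id >= XF_RING_SIZE || !fe->slots[id].granted) {
        fe->rejected++;                 /* unknown or already-completed slot */
        return -1;
    }
    if (status < 0) {
        fe->slots[id].granted = false;  /* backend error: slot retired, no data */
        return 0;
    }
    if ((size_t)status > XF_SLOT_BYTES) {
        fe->rejected++;                 /* claims more than the granted page */
        fe->slots[id].granted = false;
        return -1;
    }
    fe->slots[id].granted = false;      /* completed: id must not be reused */
    fe->delivered_bytes += (size_t)status;
    return status;                      /* safe to read buf[0 .. status) */
}
```

In a real driver the "granted = false" step is where the grant reference is revoked (ending the backend's foreign access) before the page is handed to the network stack or freed; the point of the model is that the bound on what the frontend will read comes from the frontend's own record of the grant, never from the backend's response.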
