Re: Security support status of xnf(4) and xbf(4)
On Fri, 25 Mar 2022, Demi Marie Obenour wrote:

> Linux’s netfront and blkfront drivers recently had a security
> vulnerability (XSA-396) that allowed a malicious backend to potentially
> compromise them. In follow-up audits, I found that OpenBSD’s xnf(4)
> currently trusts the backend domain. I reported this privately to Theo
> de Raadt, who indicated that OpenBSD does not consider this to be a
> security concern.
>
> This is obviously a valid position for the OpenBSD project to take, but
> it is surprising to some (such as myself) from the broader Xen
> ecosystem. Standard practice in the Xen world is that bugs in frontends
> that allow a malicious backend to cause mischief *are* considered
> security bugs unless there is explicit documentation to the contrary.
> As such, I believe this deserves to be noted in xnf(4) and xbf(4)’s man
> pages. If the OpenBSD project agrees, I am willing to write a patch,
> but I have no experience with mandoc so it might take a few tries.

Hang on, what is a "malicious backend" in this context? Is it something
other than the Xen Hypervisor? If not, then it seems not to be a useful
attack model, as the hypervisor typically has near-complete access to
guests' memory and CPU state.

-d
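To make concrete what "a frontend that trusts the backend" versus one that does not looks like in practice, here is an added example that is not code from OpenBSD's xnf(4), from Linux netfront, or from the thread. It models a paravirtual receive ring in a constructed, simplified form: the frontend posts a fixed number of receive buffers and a separate backend domain writes one response per buffer. The response field names follow Xen's public netif_rx_response layout (id, offset, flags, status); the ring size NRX, the buffer size RX_BUF_SIZE, the slot bookkeeping and the helper functions are assumptions made for the example. The point it illustrates is that every response field is written by the other domain, so the frontend must range-check each one before using it as an index or a length rather than assume the backend is honest.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a paravirtual receive ring, not xnf(4)'s real data
 * structures: the frontend posts NRX receive buffers and the backend (a
 * separate, possibly hostile, domain) writes one response per buffer. */
#define NRX         8
#define RX_BUF_SIZE 2048

/* Field layout follows Xen's public netif_rx_response.  The backend owns
 * every byte of this struct, so none of it may be used unchecked. */
struct rx_response {
    uint16_t id;      /* which posted request this completes */
    uint16_t offset;  /* start of packet data inside the buffer */
    uint16_t flags;
    int16_t  status;  /* packet length if >= 0, error code if < 0 */
};

struct rx_slot {
    bool    pending;              /* set when the frontend posts this id */
    uint8_t buf[RX_BUF_SIZE];
};

struct frontend {
    struct rx_slot slots[NRX];
};

enum rx_verdict { RX_OK, RX_ERROR, RX_BAD_ID, RX_NOT_PENDING, RX_BAD_LENGTH };

/* Check every backend-supplied field before it is used as an index or a
 * length.  A frontend that "trusts the backend" skips these checks and
 * indexes slots[] and buf[] with whatever the backend wrote. */
static enum rx_verdict
rx_validate(struct frontend *fe, const struct rx_response *rsp,
            const uint8_t **pkt, size_t *len)
{
    if (rsp->id >= NRX)
        return RX_BAD_ID;                    /* would index past slots[] */

    struct rx_slot *slot = &fe->slots[rsp->id];
    if (!slot->pending)
        return RX_NOT_PENDING;               /* unsolicited or duplicate completion */

    if (rsp->status < 0) {
        slot->pending = false;               /* backend-reported error: recycle slot */
        return RX_ERROR;
    }

    /* Both operands are 16-bit, so the sum cannot overflow size_t. */
    if ((size_t)rsp->offset + (size_t)rsp->status > RX_BUF_SIZE)
        return RX_BAD_LENGTH;                /* would read past buf[] */

    slot->pending = false;
    *pkt = slot->buf + rsp->offset;
    *len = (size_t)rsp->status;
    return RX_OK;
}

/* Build a fresh frontend, optionally post request `id`, then feed it one
 * constructed response and report the verdict. */
enum rx_verdict
rx_check_case(uint16_t id, uint16_t offset, int16_t status, bool posted)
{
    struct frontend fe;
    struct rx_response rsp = { id, offset, 0, status };
    const uint8_t *pkt;
    size_t len;

    memset(&fe, 0, sizeof fe);
    if (posted && id < NRX)
        fe.slots[id].pending = true;
    return rx_validate(&fe, &rsp, &pkt, &len);
}

/* Deliver the same valid response twice; the second must be rejected. */
enum rx_verdict
rx_check_replay(void)
{
    struct frontend fe;
    struct rx_response rsp = { 2, 0, 0, 64 };
    const uint8_t *pkt;
    size_t len;

    memset(&fe, 0, sizeof fe);
    fe.slots[2].pending = true;
    (void)rx_validate(&fe, &rsp, &pkt, &len);    /* first completion: RX_OK */
    return rx_validate(&fe, &rsp, &pkt, &len);   /* replayed completion */
}

int main(void)
{
    printf("well-formed:       %d\n", rx_check_case(3, 0, 60, true));     /* RX_OK */
    printf("id out of range:   %d\n", rx_check_case(NRX, 0, 60, true));   /* RX_BAD_ID */
    printf("length overflow:   %d\n", rx_check_case(3, 2000, 100, true)); /* RX_BAD_LENGTH */
    printf("replayed response: %d\n", rx_check_replay());                 /* RX_NOT_PENDING */
    return 0;
}
```

The replay check is the one most easily forgotten: an id that is in range but no longer pending lets a backend complete one buffer twice, which is how a frontend can end up handing the same memory to two consumers. Whether such checks belong in a driver at all is exactly the threat-model question the reply above raises; the example only shows what the checks are, not whether a given project should consider their absence a security bug.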