[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: Security support status of xnf(4) and xbf(4)
On 3/27/22 21:45, Damien Miller wrote: > On Fri, 25 Mar 2022, Demi Marie Obenour wrote: > >> Linux’s netfront and blkfront drivers recently had a security >> vulnerability (XSA-396) that allowed a malicious backend to potentially >> compromise them. In follow-up audits, I found that OpenBSD’s xnf(4) >> currently trusts the backend domain. I reported this privately to Theo >> de Raadt, who indicated that OpenBSD does not consider this to be a >> security concern. >> >> This is obviously a valid position for the OpenBSD project to take, but >> it is surprising to some (such as myself) from the broader Xen >> ecosystem. Standard practice in the Xen world is that bugs in frontends >> that allow a malicious backend to cause mischief *are* considered >> security bugs unless there is explicit documentation to the contrary. >> As such, I believe this deserves to be noted in xnf(4) and xbf(4)’s man >> pages. If the OpenBSD project agrees, I am willing to write a patch, >> but I have no experience with mandoc so it might take a few tries. > > Hang on, what is a "malicious backend" in this context? Is it something > other than the Xen Hypervisor? If not, then it seems not to be a useful > attack model, as the hypervisor typically has near-complete access to > guests' memory and CPU state. The backend can run in any Xen VM. It often runs in dom0, but it is not required to, and in Qubes OS the network backend never runs in dom0. Unless it runs in dom0, it has no access to frontend memory, except for memory the frontend has explicitly given it access to via grant tables. -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab Attachment:
OpenPGP_0xB288B55FFF9C22C1.asc Attachment:
OpenPGP_signature
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |