From: Steven Smith <sos22-xen@srcf.ucam.org>
To: Anthony Liguori <aliguori@cs.utexas.edu>
Cc: xen-devel <xen-devel@lists.xensource.com>,
Jeremy Katz <katzj@redhat.com>,
aliguori <aliguori@mail.utexas.edu>,
Markus Armbruster <armbru@redhat.com>,
sos22@srcf.ucam.org
Subject: Re: [PATCH] Paravirt framebuffer backend tools [2/5]
Date: Thu, 5 Oct 2006 19:41:06 +0100 [thread overview]
Message-ID: <20061005184106.GC4998@cam.ac.uk> (raw)
In-Reply-To: <4523CBF4.6060703@cs.utexas.edu>
[-- Attachment #1.1: Type: text/plain, Size: 1853 bytes --]
> >>-- The backend still isn't proof against a malicious frontend. This
> >> (might) mean that root in an unprivileged domain can get root in
> >> dom0, which is a fairly major problem. Fixing this should be
> >> fairly easy.
> >>
> >Yes, this needs to be done.
> Sorry if I missed this previously, but how could a malicious frontend
> attack a backend?
This protocol places various bits of control data in a page shared
between the the frontend and backend. The backend continues to read
things like the resolution out of this buffer while it's operating,
and I was worried that the frontend could cause the backend to
misbehave by changing them while the buffer was live.
> And where else in Xen are we safe from this? :-)
In theory, everywhere, since frontends are explicitly not trusted
code. If you know of any places in which a frontend can cause a
backend to run arbitrary code, or panic, or anything like that then
please report it as a bug.
> >>-- The setup protocol doesn't look much like the normal xenbus state
> >> machine. There may be a good reason for this, but I haven't heard
> >> one yet. I know the standard way is badly documented and
> >> non-trivial to understand from the existing implementations; sorry
> >> about that.
> This was written before we even had the xenbus state machine.
Okay.
> >>>+ case SDL_MOUSEBUTTONDOWN:
> >>>+ case SDL_MOUSEBUTTONUP:
> >>>+ xenfb_send_button(xenfb,
> >>>+ event.type == SDL_MOUSEBUTTONDOWN,
> >>>+ 3 - event.button.button);
> >>>
> >>Why 3 - button?
> >>
> >
> >Anthony speedcoding? %-}
> >
> I never expected this code to see the light of day :-)
>
> Seems like every UI toolkit uses a different ordering for mouse
> buttons. In this case, SDL stores them backwards :-)
Okay.
Steven.
[-- Attachment #1.2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
[-- Attachment #2: Type: text/plain, Size: 138 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
next prev parent reply other threads:[~2006-10-05 18:41 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-09-02 19:58 [PATCH] Paravirt framebuffer backend tools [2/5] Jeremy Katz
2006-09-04 9:01 ` Steven Smith
2006-09-04 12:55 ` Laurent Vivier
2006-09-06 9:15 ` Steven Smith
2006-09-06 11:41 ` Laurent Vivier
2006-09-06 17:10 ` Steven Smith
2006-09-06 17:50 ` Gerd Hoffmann
2006-09-07 7:32 ` Laurent Vivier
2006-09-07 7:50 ` Steven Smith
2006-09-07 7:31 ` Laurent Vivier
2006-09-07 8:38 ` Steven Smith
2006-09-07 9:31 ` Laurent Vivier
2006-09-07 9:55 ` Steven Smith
2006-09-07 12:03 ` Laurent Vivier
2006-09-08 13:26 ` Anthony Liguori
2006-09-08 14:00 ` Laurent Vivier
2006-09-08 14:12 ` Steven Smith
2006-09-08 14:23 ` Anthony Liguori
2006-10-07 16:48 ` Markus Armbruster
2006-10-10 16:53 ` Stephen C. Tweedie
2006-10-10 17:46 ` Anthony Liguori
2006-10-10 17:46 ` Anthony Liguori
2006-10-11 13:49 ` Markus Armbruster
2006-10-11 15:18 ` Gerd Hoffmann
2006-10-11 15:21 ` Laurent Vivier
2006-10-10 18:48 ` Steven Smith
2006-09-10 10:40 ` Steven Smith
2006-09-10 13:05 ` Anthony Liguori
2006-09-05 16:11 ` Jeremy Katz
2006-09-05 16:57 ` Anthony Liguori
2006-09-06 9:14 ` Steven Smith
2006-09-06 9:13 ` Steven Smith
2006-09-30 8:51 ` Markus Armbruster
2006-10-02 9:01 ` Steven Smith
2006-10-04 14:04 ` Markus Armbruster
2006-10-04 14:20 ` Daniel P. Berrange
2006-10-04 14:57 ` Anthony Liguori
2006-10-05 18:41 ` Steven Smith [this message]
2006-10-05 18:33 ` Steven Smith
2006-10-06 14:10 ` Markus Armbruster
2006-10-07 9:42 ` Steven Smith
2006-09-12 18:55 ` Daniel P. Berrange
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20061005184106.GC4998@cam.ac.uk \
--to=sos22-xen@srcf.ucam.org \
--cc=aliguori@cs.utexas.edu \
--cc=aliguori@mail.utexas.edu \
--cc=armbru@redhat.com \
--cc=katzj@redhat.com \
--cc=sos22@srcf.ucam.org \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.