From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: Ross Lagerwall <ross.lagerwall@citrix.com>
Cc: Lars Kurth <lars.kurth@citrix.com>,
Stefano Stabellini <sstabellini@kernel.org>,
Wei Liu <liuw@liuw.name>,
George Dunlap <George.Dunlap@eu.citrix.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Ian Jackson <ian.jackson@eu.citrix.com>,
George Dunlap <george.dunlap@citrix.com>,
xen-devel@lists.xen.org, Julien Grall <julien.grall@arm.com>,
Jan Beulich <jbeulich@suse.com>
Subject: Re: [PATCH for-4.9] livepatch: Declare live patching as a supported feature
Date: Wed, 28 Jun 2017 12:41:31 -0400 [thread overview]
Message-ID: <20170628164131.GD911@char.us.oracle.com> (raw)
In-Reply-To: <ee8fae94-34b0-1b3f-8632-dc1583ed07e4@citrix.com>
. snip..
> > Now all of the customers that have applied those patches are vulnerable.
> >
> > Do you:
> >
> > 1. Tell the reporter to post it publicly to xen-devel immediately, since
> > livepatch tools are not security supported -- thus "zero-day"-ing all
> > your customers (as well as anyone else who happens to have used x.yy to
> > build a hypervisor)?
> >
> > 2. Secretly take advantage of Citrix' privileged position on the
> > security list, and try to get an update out to your customers before it
> > gets announced (but allowing everyone *else* using gcc x.yy to
> > experience a zero-day)?
> >
> > 3. Issue an XSA so that everyone has the opportunity to fix things up
> > before making a public announcement, and so that anyone not on the
> > embargo list gets an alert, so they know to either update their own
> > livepatches, or look for updates from their software provider?
> >
> > I think #3 is the only possible choice.
> >
> > -George
> >
>
> The issue here is that any bug in livepatch-build-tools which still results
> in output being generated would be a security issue, because someone might
> have used it to patch a security issue. livepatch-build-tools is certainly
> not stable enough yet (ever?) to be treated in this fashion.
>
To add a bit. The livepatch-build-tools does not have to be used to
create the livepatches. One can use other tools to create the livepatches
(like for example the test-cases).
And there is a nice design http://xenbits.xen.org/docs/unstable/misc/livepatch.html
(see "Design of payload format") which describes what the format of this livepatch
MUST be.
> --
> Ross Lagerwall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next prev parent reply other threads:[~2017-06-28 16:41 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-26 15:36 [PATCH for-4.9] livepatch: Declare live patching as a supported feature Ross Lagerwall
2017-06-26 16:39 ` Andrew Cooper
2017-06-26 16:50 ` George Dunlap
2017-06-26 16:53 ` Ian Jackson
2017-06-26 17:18 ` Andrew Cooper
2017-06-27 8:37 ` George Dunlap
2017-06-27 10:47 ` Andrew Cooper
2017-06-27 10:49 ` George Dunlap
2017-06-26 16:50 ` Ross Lagerwall
2017-06-26 17:04 ` Andrew Cooper
2017-06-27 6:04 ` Jan Beulich
2017-06-27 7:19 ` Julien Grall
2017-06-27 11:23 ` Jan Beulich
2017-06-27 11:34 ` George Dunlap
2017-06-26 17:00 ` George Dunlap
2017-06-26 17:30 ` Andrew Cooper
2017-06-27 9:17 ` George Dunlap
2017-06-28 16:18 ` Ross Lagerwall
2017-06-28 16:41 ` Konrad Rzeszutek Wilk [this message]
2017-06-30 13:42 ` George Dunlap
2017-07-03 14:53 ` Ross Lagerwall
2017-07-04 8:36 ` Roger Pau Monné
2017-08-03 17:20 ` George Dunlap
2017-08-03 17:21 ` George Dunlap
2017-08-06 0:07 ` Is:livepatch-build-tools.git declare it supported? Was:Re: " Konrad Rzeszutek Wilk
2017-08-07 10:26 ` George Dunlap
2017-08-07 15:59 ` Jan Beulich
2017-08-08 11:16 ` George Dunlap
2017-08-09 7:36 ` Jan Beulich
2017-08-21 10:59 ` George Dunlap
2017-08-21 12:07 ` Jan Beulich
2017-08-21 15:28 ` George Dunlap
2017-08-22 6:37 ` Jan Beulich
2017-08-22 10:58 ` George Dunlap
2017-08-22 11:16 ` Roger Pau Monné
2017-08-29 14:44 ` Konrad Rzeszutek Wilk
2017-08-29 14:46 ` Andrew Cooper
2017-08-29 14:48 ` George Dunlap
2017-06-26 18:29 ` Julien Grall
2017-06-26 21:07 ` Konrad Rzeszutek Wilk
2017-06-27 7:24 ` Julien Grall
2017-06-27 8:09 ` Lars Kurth
2017-06-27 10:49 ` Ian Jackson
2017-06-27 10:59 ` Lars Kurth
2017-06-27 10:46 ` Ian Jackson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170628164131.GD911@char.us.oracle.com \
--to=konrad.wilk@oracle.com \
--cc=George.Dunlap@eu.citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=george.dunlap@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=jbeulich@suse.com \
--cc=julien.grall@arm.com \
--cc=lars.kurth@citrix.com \
--cc=liuw@liuw.name \
--cc=ross.lagerwall@citrix.com \
--cc=sstabellini@kernel.org \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.