From: "Mike D. Day" <ncmike@us.ibm.com>
To: Keir Fraser <Keir.Fraser@cl.cam.ac.uk>
Cc: xen-devel@lists.xensource.com, Bryan D Payne <bdpayne@us.ibm.com>,
Reiner Sailer <sailer@us.ibm.com>
Subject: Re: [PATCH][ACM] kernel enforcement of vbd policies via blkback driver
Date: Wed, 26 Jul 2006 09:25:50 -0400 [thread overview]
Message-ID: <44C76D5E.2040606@us.ibm.com> (raw)
In-Reply-To: <2cc990ff2952dde0f8d12469f9417168@cl.cam.ac.uk>
Keir Fraser wrote:
>
> The tools hook is not just a usability/conformity check. The check
> ensures that the tools will not set up entries in xenstore that would
> allow blkback to create a non-conformant vbd. So there is no way for a
> guest to trick blkback into creating a non-conformant vbd: it can only
> connect to vbds specified in its config file or added later via the
> vbd-add xm hotplug command. The tools stack should perform its compiance
> checks on both 'xm create' and 'xm vbd-add', and that should be sufficient.
Yes, but that relies on the tools being correct and invulnerable to
attacks like buffer overflow. Further, it does not disallow an
alternative tool from bypassing or corrupting the conformance and
authorization policy. Any program with the ability to open a socket to
xenstore can open the way. Allowing the checks within the hypervisor is
much safer against these types of attacks or errors.
Mike
next prev parent reply other threads:[~2006-07-26 13:25 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <OF95F83550.BF987DA4-ON852571B5.006BF6EE-852571B5.006EC053@LocalDomain>
2006-07-25 0:21 ` [PATCH][ACM] kernel enforcement of vbd policies via blkback driver Reiner Sailer
2006-07-25 9:53 ` Keir Fraser
2006-07-25 17:45 ` Bryan D Payne
2006-07-25 18:48 ` Steven Hand
2006-07-26 13:25 ` Mike D. Day [this message]
2006-07-26 13:49 ` Keir Fraser
2006-07-26 15:47 ` Reiner Sailer
2006-07-26 17:46 ` Mike D. Day
2006-07-26 18:07 ` Keir Fraser
2006-07-26 18:24 ` Mike D. Day
2006-07-26 18:50 ` Andrew Warfield
2006-07-26 21:21 ` Reiner Sailer
2006-07-26 22:23 ` Harry Butterworth
2006-07-26 22:51 ` Reiner Sailer
2006-07-27 9:41 ` Harry Butterworth
2006-07-26 23:04 ` Andrew Warfield
2006-07-27 1:40 ` Harry Butterworth
2006-07-27 15:37 ` Reiner Sailer
2006-07-27 16:26 ` Harry Butterworth
2006-07-27 16:36 ` Harry Butterworth
2006-07-27 16:58 ` Reiner Sailer
2006-07-27 17:06 ` Harry Butterworth
2006-07-27 17:19 ` Harry Butterworth
2006-07-27 17:53 ` Reiner Sailer
2006-07-27 18:38 ` Harry Butterworth
2006-07-27 17:38 ` Reiner Sailer
2006-07-27 17:43 ` Harry Butterworth
2006-07-24 16:23 Bryan D. Payne
2006-07-24 17:28 ` Keir Fraser
2006-07-24 20:09 ` Bryan D Payne
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44C76D5E.2040606@us.ibm.com \
--to=ncmike@us.ibm.com \
--cc=Keir.Fraser@cl.cam.ac.uk \
--cc=bdpayne@us.ibm.com \
--cc=sailer@us.ibm.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.