From: Vincent Hanquez
Subject: Re: [PATCH] xenstored: allow guests to reintroduce themselves
Date: Tue, 9 Aug 2011 11:50:47 +0100
Message-ID: <4E411107.20103@eu.citrix.com>
To: Keir Fraser
Cc: Olaf Hering, "xen-devel@lists.xensource.com"

On 08/09/2011 11:14 AM, Keir Fraser wrote:
> On 09/08/2011 11:08, "Vincent Hanquez" wrote:
>
>>> xenstored: allow guests to reintroduce themselves
>>>
>>> During kexec all old watches have to be removed, otherwise the new
>>> kernel will receive unexpected events. Allow a guest to introduce itself
>>> and clean up all of its watches.
>>
>> What about security-wise?
>>
>> Guest userspace suddenly becomes able to do this operation (and DoS themselves)
>> where they used to be limited to normal read/write/.. operations.
>
> Guest userspace can already DoS the guest if it has access to xenstore, by
> messing with xenbus I/O connections, for example.

How so? It seems we validate userspace packets (at least on Linux) before
actually putting them on the ring.

--
Vincent