From mboxrd@z Thu Jan  1 00:00:00 1970
From: David Vrabel <david.vrabel@citrix.com>
Subject: Re: [PATCH] xsm/flask: improve unknown permission
	handling
Date: Thu, 4 Dec 2014 10:37:58 +0000
Message-ID: <54803986.4030208@citrix.com>
References: <1416938704-17884-1-git-send-email-dgdegra@tycho.nsa.gov>	<CAFLBxZY253TVWetxMAMCBzcRB3qvd490OOaHpQ1j7fqVyb-90g@mail.gmail.com>	<5477445E.4040803@citrix.com>
	<547F584E.2090003@tycho.nsa.gov> <547F5998.6060904@citrix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <547F5998.6060904@citrix.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Andrew Cooper <andrew.cooper3@citrix.com>, Daniel De Graaf <dgdegra@tycho.nsa.gov>, George Dunlap <George.Dunlap@eu.citrix.com>
Cc: "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
List-Id: xen-devel@lists.xenproject.org

On 03/12/14 18:42, Andrew Cooper wrote:
> 
> XSA-37 was only an XSA because the rules at the time were unclear as
> whether it was an issue or not.  At the same time, the rules were
> clarified to state that issues in a debug build only are not security
> issues.

Given that we occasionally ask our customers to run debug versions of
Xen to diagnose particular problems I think this policy should change
(if not by the Xen project security team, then at least internally).

David