From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: Ross Lagerwall <ross.lagerwall@citrix.com>
Cc: Lars Kurth <lars.kurth@citrix.com>,
Stefano Stabellini <sstabellini@kernel.org>,
Wei Liu <liuw@liuw.name>,
George Dunlap <George.Dunlap@eu.citrix.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Ian Jackson <ian.jackson@eu.citrix.com>,
George Dunlap <george.dunlap@citrix.com>,
xen-devel@lists.xen.org, Julien Grall <julien.grall@arm.com>,
Jan Beulich <jbeulich@suse.com>
Subject: Re: [PATCH for-4.9] livepatch: Declare live patching as a supported feature
Date: Wed, 28 Jun 2017 12:41:31 -0400 [thread overview]
Message-ID: <20170628164131.GD911@char.us.oracle.com> (raw)
In-Reply-To: <ee8fae94-34b0-1b3f-8632-dc1583ed07e4@citrix.com>
. snip..
> > Now all of the customers that have applied those patches are vulnerable.
> >
> > Do you:
> >
> > 1. Tell the reporter to post it publicly to xen-devel immediately, since
> > livepatch tools are not security supported -- thus "zero-day"-ing all
> > your customers (as well as anyone else who happens to have used x.yy to
> > build a hypervisor)?
> >
> > 2. Secretly take advantage of Citrix' privileged position on the
> > security list, and try to get an update out to your customers before it
> > gets announced (but allowing everyone *else* using gcc x.yy to
> > experience a zero-day)?
> >
> > 3. Issue an XSA so that everyone has the opportunity to fix things up
> > before making a public announcement, and so that anyone not on the
> > embargo list gets an alert, so they know to either update their own
> > livepatches, or look for updates from their software provider?
> >
> > I think #3 is the only possible choice.
> >
> > -George
> >
>
> The issue here is that any bug in livepatch-build-tools which still results
> in output being generated would be a security issue, because someone might
> have used it to patch a security issue. livepatch-build-tools is certainly
> not stable enough yet (ever?) to be treated in this fashion.
>
To add a bit. The livepatch-build-tools does not have to be used to
create the livepatches. One can use other tools to create the livepatches
(like for example the test-cases).
And there is a nice design http://xenbits.xen.org/docs/unstable/misc/livepatch.html
(see "Design of payload format") which describes what the format of this livepatch
MUST be.
> --
> Ross Lagerwall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next prev parent reply other threads:[~2017-06-28 16:41 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-26 15:36 [PATCH for-4.9] livepatch: Declare live patching as a supported feature Ross Lagerwall
2017-06-26 16:39 ` Andrew Cooper
2017-06-26 16:50 ` George Dunlap
2017-06-26 16:53 ` Ian Jackson
2017-06-26 17:18 ` Andrew Cooper
2017-06-27 8:37 ` George Dunlap
2017-06-27 10:47 ` Andrew Cooper
2017-06-27 10:49 ` George Dunlap
2017-06-26 16:50 ` Ross Lagerwall
2017-06-26 17:04 ` Andrew Cooper
2017-06-27 6:04 ` Jan Beulich
2017-06-27 7:19 ` Julien Grall
2017-06-27 11:23 ` Jan Beulich
2017-06-27 11:34 ` George Dunlap
2017-06-26 17:00 ` George Dunlap
2017-06-26 17:30 ` Andrew Cooper
2017-06-27 9:17 ` George Dunlap
2017-06-28 16:18 ` Ross Lagerwall
2017-06-28 16:41 ` Konrad Rzeszutek Wilk [this message]
2017-06-30 13:42 ` George Dunlap
2017-07-03 14:53 ` Ross Lagerwall
2017-07-04 8:36 ` Roger Pau Monné
2017-08-03 17:20 ` George Dunlap
2017-08-03 17:21 ` George Dunlap
2017-08-06 0:07 ` Is:livepatch-build-tools.git declare it supported? Was:Re: " Konrad Rzeszutek Wilk
2017-08-07 10:26 ` George Dunlap
2017-08-07 15:59 ` Jan Beulich
2017-08-08 11:16 ` George Dunlap
2017-08-09 7:36 ` Jan Beulich
2017-08-21 10:59 ` George Dunlap
2017-08-21 12:07 ` Jan Beulich
2017-08-21 15:28 ` George Dunlap
2017-08-22 6:37 ` Jan Beulich
2017-08-22 10:58 ` George Dunlap
2017-08-22 11:16 ` Roger Pau Monné
2017-08-29 14:44 ` Konrad Rzeszutek Wilk
2017-08-29 14:46 ` Andrew Cooper
2017-08-29 14:48 ` George Dunlap
2017-06-26 18:29 ` Julien Grall
2017-06-26 21:07 ` Konrad Rzeszutek Wilk
2017-06-27 7:24 ` Julien Grall
2017-06-27 8:09 ` Lars Kurth
2017-06-27 10:49 ` Ian Jackson
2017-06-27 10:59 ` Lars Kurth
2017-06-27 10:46 ` Ian Jackson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170628164131.GD911@char.us.oracle.com \
--to=konrad.wilk@oracle.com \
--cc=George.Dunlap@eu.citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=george.dunlap@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=jbeulich@suse.com \
--cc=julien.grall@arm.com \
--cc=lars.kurth@citrix.com \
--cc=liuw@liuw.name \
--cc=ross.lagerwall@citrix.com \
--cc=sstabellini@kernel.org \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).