All of lore.kernel.org
 help / color / mirror / Atom feed
From: Ian Campbell <ijc@xen.org>
To: "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>,
	xen-users <xen-users@lists.xen.org>
Subject: Security support for debug=y builds (Was Re: Xen Security Advisory 37 (CVE-2013-0154) - Hypervisor crash due to incorrect ASSERT (debug build only))
Date: Mon, 07 Jan 2013 10:21:12 +0000	[thread overview]
Message-ID: <1357554072.14291.129.camel@zakaz.uk.xensource.com> (raw)
In-Reply-To: <E1Tr9he-0007fM-NC@xenbits.xen.org>

On Fri, 2013-01-04 at 16:01 +0000, Xen.org security team wrote:
>      Hypervisor crash due to incorrect ASSERT (debug build only) 

While dealing with this issue the security team was faced with the
question as to whether bugs which are exposed only in debug=y builds
should be considered security relevant (i.e. would normally require an
embargo period, a full advisory, etc).

The Security Response Policy[0] does not offer any guidance on this
issue. We concluded that we should treat this issue as a normal Security
issue and then seek guidance from the community as to what we should do
in the future.

So what are your expectations for security sensitive bugs which only
affect debug builds? Note that debugging is disabled by default and that
we would recommended running non-debug builds in production.

Options which I can think of are:

      * debug=y bugs are Just Bugs and not security issues. i.e. they
        are discussed and fixed publicly on xen-devel and the fix is
        checked in in the usual way. There is no embargo or specific
        announcement. changelog may or may not refer to the security
        implications if debug=y is enabled.
      * debug=y bugs are security issues regardless, they are treated
        like any other security issue, i.e. following the process[0].
      * debug=y bugs are somewhere in the middle. (perhaps no embargo,
        less formal announcement etc etc)
      * ...

Any input appreciated. I will draft a process update as necessary based
on the response.

Ian.

[0] http://www.xen.org/projects/security_vulnerability_process.html

  parent reply	other threads:[~2013-01-07 10:21 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <E1Tr9he-0007fM-NC@xenbits.xen.org>
2013-01-04 16:52 ` [PATCH] libxc: x86: ensure that the initial mapping fits into the guest's memory Ian Campbell
2013-01-07  7:00   ` Jan Beulich
2013-01-07 10:35   ` Jan Beulich
2013-01-07 10:37     ` Ian Campbell
2013-01-07 11:05       ` Jan Beulich
2013-01-07 11:39         ` Ian Campbell
2013-01-07 13:37           ` [PATCH V2] " Ian Campbell
2013-01-07 10:21 ` Ian Campbell [this message]
2013-01-07 11:08   ` Security support for debug=y builds (Was Re: Xen Security Advisory 37 (CVE-2013-0154) - Hypervisor crash due to incorrect ASSERT (debug build only)) Keir Fraser
2013-01-07 11:21     ` Andrew Cooper
2013-01-07 11:36       ` Ian Campbell
2013-01-07 12:58         ` James Bulpin
2013-01-07 16:22           ` Keir Fraser
2013-02-08 11:25         ` Ian Campbell
2013-02-08 11:29           ` Ian Campbell
2013-02-08 11:29         ` Ian Campbell
2013-02-08 11:40           ` Jan Beulich
2013-02-08 11:47             ` Ian Campbell
2013-01-07 11:09   ` Jan Beulich

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1357554072.14291.129.camel@zakaz.uk.xensource.com \
    --to=ijc@xen.org \
    --cc=xen-devel@lists.xen.org \
    --cc=xen-users@lists.xen.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.