From: Joanna Rutkowska
Subject: Re: [RFC PATCH 0/18] Xenstore stub domain
Date: Thu, 12 Jan 2012 11:33:17 +0100
Message-ID: <4F0EB6ED.3030900@invisiblethingslab.com>
In-Reply-To: <1326302490-19428-1-git-send-email-dgdegra@tycho.nsa.gov>
To: Daniel De Graaf
Cc: xen-devel@lists.xensource.com

On 01/11/12 18:21, Daniel De Graaf wrote:
> This patch series allows xenstored to run in a stub domain started by
> dom0. It is based on a patch series posted by Alex Zeffertt in 2009 -
> http://old-list-archives.xen.org/archives/html/xen-devel/2009-03/msg01488.html
>

Daniel,

Can you explain what the rationale is for moving the xenstored into a
stubdom? After all, if an attacker is able to compromise the xenstored,
there should be many ways now to compromise other VMs in the system?
And it shouldn't matter whether the xenstored is in stubdom or whether
in Dom0.

E.g. the attacker might redirect the block fronts to use some false block
backends, so that the VMs get compromised fs. One could probably think of
other attacks as well...?

joanna.