From: George Dunlap <george.dunlap@citrix.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>,
Ian Jackson <ian.jackson@eu.citrix.com>
Cc: StefanoStabellini <sstabellini@kernel.org>,
Wei Liu <wei.liu2@citrix.com>,
Konrad Wilk <konrad.wilk@oracle.com>, Tim Deegan <tim@xen.org>,
Jan Beulich <JBeulich@suse.com>,
xen-devel@lists.xenproject.org
Subject: Re: [PATCH 10/16] SUPPORT.md: Add Debugging, analysis, crash post-portem
Date: Wed, 22 Nov 2017 10:51:38 +0000 [thread overview]
Message-ID: <b36eadc2-a2b1-255a-c23e-373f2ede8fdd@citrix.com> (raw)
In-Reply-To: <6af99e12-ef34-332c-cfcf-b7647ead26e3@citrix.com>
On 11/21/2017 07:21 PM, Andrew Cooper wrote:
> On 21/11/17 19:05, Ian Jackson wrote:
>> George Dunlap writes ("Re: [PATCH 10/16] SUPPORT.md: Add Debugging, analysis, crash post-portem"):
>>> gdbsx security support: Someone may want to debug an untrusted guest,
>>> so I think we should say 'yes' here.
>> I think running gdb on an potentially hostile program is foolish.
>>
>>> I don't have a strong opinion on gdbsx; I'd call it 'supported', but if
>>> you think we need to exclude it from security support I'm happy with
>>> that as well.
>> gdbsx itself is probably simple enough to be fine but I would rather
>> not call it security supported because that might encourage people to
>> use it with gdb.
>>
>> If someone wants to use gdbsx with something that's not gdb then they
>> might want to ask us to revisit that.
>
> If gdbsx chooses (or gets tricked into using) DOMID_XEN, then it gets
> arbitrary read/write access over hypervisor virtual address space, due
> to the behaviour of the hypercalls it uses.
>
> As a tool, it mostly functions (there are some rather sharp corners
> which I've not gotten time to fix so far), but it is definitely not
> something I would trust in a hostile environment.
Right -- "not security supported" it is. :-)
-George
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next prev parent reply other threads:[~2017-11-22 10:51 UTC|newest]
Thread overview: 90+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-13 15:41 [PATCH 01/16] Introduce skeleton SUPPORT.md George Dunlap
2017-11-13 15:41 ` [PATCH 02/16] SUPPORT.md: Add core functionality George Dunlap
2017-11-21 8:03 ` Jan Beulich
2017-11-21 10:36 ` George Dunlap
2017-11-21 11:34 ` Jan Beulich
2017-11-13 15:41 ` [PATCH 03/16] SUPPORT.md: Add some x86 features George Dunlap
2017-11-21 8:09 ` Jan Beulich
2017-11-21 10:42 ` George Dunlap
2017-11-21 11:35 ` Jan Beulich
2017-11-21 12:24 ` George Dunlap
2017-11-21 13:00 ` Jan Beulich
2017-11-21 12:32 ` Ian Jackson
2017-11-13 15:41 ` [PATCH 04/16] SUPPORT.md: Add core ARM features George Dunlap
2017-11-21 8:11 ` Jan Beulich
2017-11-21 10:45 ` George Dunlap
2017-11-21 10:59 ` Julien Grall
2017-11-21 11:37 ` Jan Beulich
2017-11-21 12:39 ` George Dunlap
2017-11-21 13:01 ` Jan Beulich
2017-11-13 15:41 ` [PATCH 05/16] SUPPORT.md: Toolstack core George Dunlap
2017-11-13 15:41 ` [PATCH 06/16] SUPPORT.md: Add scalability features George Dunlap
2017-11-16 15:19 ` Julien Grall
2017-11-16 15:30 ` George Dunlap
2017-11-21 16:43 ` George Dunlap
2017-11-21 17:31 ` Julien Grall
2017-11-21 17:51 ` George Dunlap
2017-11-21 8:16 ` Jan Beulich
2017-11-13 15:41 ` [PATCH 07/16] SUPPORT.md: Add virtual devices common to ARM and x86 George Dunlap
2017-11-21 8:29 ` Jan Beulich
2017-11-21 9:19 ` Paul Durrant
2017-11-21 10:56 ` George Dunlap
2017-11-21 11:41 ` Jan Beulich
2017-11-21 17:20 ` George Dunlap
2017-11-22 11:05 ` Jan Beulich
2017-11-22 16:16 ` George Dunlap
2017-11-21 17:35 ` George Dunlap
2017-11-22 11:07 ` Jan Beulich
2017-11-13 15:41 ` [PATCH 08/16] SUPPORT.md: Add x86-specific virtual hardware George Dunlap
2017-11-21 8:39 ` Jan Beulich
2017-11-21 18:02 ` George Dunlap
2017-11-22 11:11 ` Jan Beulich
2017-11-22 11:21 ` George Dunlap
2017-11-22 11:45 ` George Dunlap
2017-11-22 16:30 ` George Dunlap
2017-11-13 15:41 ` [PATCH 09/16] SUPPORT.md: Add ARM-specific " George Dunlap
2017-11-16 15:41 ` Julien Grall
2017-11-22 16:32 ` George Dunlap
2017-11-16 15:41 ` Julien Grall
2017-11-13 15:41 ` [PATCH 10/16] SUPPORT.md: Add Debugging, analysis, crash post-portem George Dunlap
2017-11-21 8:48 ` Jan Beulich
2017-11-21 18:19 ` George Dunlap
2017-11-21 19:05 ` Ian Jackson
2017-11-21 19:21 ` Andrew Cooper
2017-11-22 10:51 ` George Dunlap [this message]
2017-11-22 11:15 ` Jan Beulich
2017-11-22 17:06 ` George Dunlap
2017-11-13 15:41 ` [PATCH 11/16] SUPPORT.md: Add 'easy' HA / FT features George Dunlap
2017-11-21 8:49 ` Jan Beulich
2017-11-13 15:41 ` [PATCH 12/16] SUPPORT.md: Add Security-releated features George Dunlap
2017-11-16 16:23 ` Konrad Rzeszutek Wilk
2017-11-21 8:52 ` Jan Beulich
2017-11-22 17:13 ` George Dunlap
2017-11-23 10:13 ` Jan Beulich
2017-11-13 15:41 ` [PATCH 13/16] SUPPORT.md: Add secondary memory management features George Dunlap
2017-11-21 8:54 ` Jan Beulich
2017-11-21 19:55 ` Andrew Cooper
2017-11-22 17:15 ` George Dunlap
2017-11-23 10:35 ` Jan Beulich
2017-11-23 10:42 ` Olaf Hering
2017-11-23 11:55 ` Olaf Hering
2017-11-23 12:00 ` George Dunlap
2017-11-23 12:17 ` Andrew Cooper
2017-11-23 12:45 ` Olaf Hering
2017-11-23 12:58 ` Andrew Cooper
2017-11-23 17:58 ` George Dunlap
2017-11-13 15:41 ` [PATCH 14/16] SUPPORT.md: Add statement on PCI passthrough George Dunlap
2017-11-14 13:25 ` Marek Marczykowski-Górecki
2017-11-22 17:18 ` George Dunlap
2017-11-16 15:43 ` Julien Grall
2017-11-22 18:58 ` George Dunlap
2017-11-22 19:05 ` Rich Persaud
2017-11-21 8:59 ` Jan Beulich
2017-11-22 17:20 ` George Dunlap
2017-11-13 15:41 ` [PATCH 15/16] SUPPORT.md: Add statement on migration RFC George Dunlap
2017-11-13 15:41 ` [PATCH 16/16] SUPPORT.md: Add limits RFC George Dunlap
2017-11-21 9:26 ` Jan Beulich
2017-11-22 18:01 ` George Dunlap
2017-11-23 10:33 ` Jan Beulich
2017-11-13 15:43 ` [PATCH 01/16] Introduce skeleton SUPPORT.md George Dunlap
2017-11-20 17:01 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b36eadc2-a2b1-255a-c23e-373f2ede8fdd@citrix.com \
--to=george.dunlap@citrix.com \
--cc=JBeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=konrad.wilk@oracle.com \
--cc=sstabellini@kernel.org \
--cc=tim@xen.org \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.