From: Juergen Gross <jgross@suse.com>
To: Boris Ostrovsky <boris.ostrovsky@oracle.com>,
linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org
Subject: Re: [PATCH 1/3] xen: xenbus driver must not accept invalid transaction ids
Date: Thu, 22 Dec 2016 16:51:52 +0100 [thread overview]
Message-ID: <a6f9d1df-7637-ec40-3073-4d65ea489869@suse.com> (raw)
In-Reply-To: <6ff2c379-4c23-3b9e-c877-9da74bf3879e@oracle.com>
On 22/12/16 16:38, Boris Ostrovsky wrote:
> On 12/22/2016 02:19 AM, Juergen Gross wrote:
>> When accessing Xenstore in a transaction the user is specifying a
>> transaction id which he normally obtained from Xenstore when starting
>> the transaction. Xenstore is validating a transaction id against all
>> known transaction ids of the connection the request came in. As all
>> requests of a domain not being the one where Xenstore lives share
>> one connection, validation of transaction ids of different users of
>> Xenstore in that domain should be done by the kernel of that domain
>> being the multiplexer between the Xenstore users in that domain and
>> Xenstore.
>>
>> In order to prohibit one Xenstore user to be able to "hijack" a
>> transaction from another user the xenbus driver has to verify a
>> given transaction id against all known transaction ids of the user
>> before forwarding it to Xenstore.
>>
>> Signed-off-by: Juergen Gross <jgross@suse.com>
>
>
> Should this go to stable trees as well?
I don't think it is necessary. First I thought this could be a security
problem, but any user who could make use of that problem could easily
trash complete Xenstore, so there are no additional security concerns
with this "bug" not being handled.
After all it is just a matter of avoiding problems due to buggy Xenstore
users which are probably not existing at all. :-)
> Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Thanks,
Juergen
next prev parent reply other threads:[~2016-12-22 15:52 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-22 7:19 [PATCH 0/3] xen: fix some minor bugs and cleanup of xenbus Juergen Gross
2016-12-22 7:19 ` [PATCH 1/3] xen: xenbus driver must not accept invalid transaction ids Juergen Gross
2016-12-22 15:38 ` Boris Ostrovsky
2016-12-22 15:51 ` Juergen Gross [this message]
2016-12-22 7:19 ` [PATCH 2/3] xen: return xenstore command failures via response instead of rc Juergen Gross
2016-12-22 15:49 ` Boris Ostrovsky
2016-12-22 15:55 ` Juergen Gross
2016-12-22 16:00 ` Boris Ostrovsky
2016-12-22 7:19 ` [PATCH 3/3] xen: remove stale xs_input_avail() from header Juergen Gross
2016-12-22 15:50 ` Boris Ostrovsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a6f9d1df-7637-ec40-3073-4d65ea489869@suse.com \
--to=jgross@suse.com \
--cc=boris.ostrovsky@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).