From: Doug Goldstein
Subject: Re: XSM permissive by default.
Date: Tue, 8 Mar 2016 20:11:31 -0600
Message-ID: <56DF8653.9060705@cardoe.com>
In-Reply-To: <20160309015100.GA5420@localhost.localdomain>
To: Konrad Rzeszutek Wilk, dgdegra@tycho.nsa.gov, xen-devel@lists.xenproject.org, andrew.cooper3@citrix.com, Machon Gregory

On 3/8/16 7:51 PM, Konrad Rzeszutek Wilk wrote:
> Hey,
>
> I was wondering if we should change the default flask_bootparam
> option from permissive to disabled?
>
> The reason being is that I was startled to see that my xSplice
> code was able to patch the hypervisor from within a PV guest!
>
> Further testing showed that I could do 'xl debug-keys R' from
> within the guests. This being possible with released 4.6 if I have
> XSM enabled.
>
> All of this is due to the fact that I had forgotten to load the policy,
> but Xen just told me:
>
> Flask: Access controls disabled until policy is loaded.
>
> which is an understatement. I somehow had expected that if no
> policy was loaded it would revert to the dummy one which has the
> same permission as the non-XSM build. Ha! What a surprise..

That's certainly been my assumption as well.

>
> Now that the XSM is enabled via config it becomes much more
> easy to enable it..
>
> Or perhaps change the code to flask so that if there are any
> errors loading the policy it uses the dummy one?
>

To me that's what that error message from flask meant so I think that's
the most sane default. Being in a worse state than if you had built
without it.

Machon,

Something to consider for the Yocto builds as well.

--
Doug Goldstein