Xen 		  
Home About Xen.org Xen Xen Summit Wiki Mailing List Bug Tracker Xen Downloads
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [PATCH] QEMU "drive_init()" Disk Format Security Bypass

from [Markus Armbruster] [Permanent Link][Original]
To: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH] QEMU "drive_init()" Disk Format Security Bypass
From: Markus Armbruster <armbru@xxxxxxxxxx>
Date: Fri, 30 May 2008 11:00:02 +0200
Cc: Eren Türkay <turkay.eren@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 30 May 2008 02:00:36 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <18473.52451.967004.377867@xxxxxxxxxxxxxxxxxxxxxxxx> (Ian Jackson's message of "Tue\, 13 May 2008 18\:16\:19 +0100")
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <200805081800.24064.turkay.eren@xxxxxxxxx> <18467.12572.126574.502777@xxxxxxxxxxxxxxxxxxxxxxxx> <20080508171255.GA31908@xxxxxxxxxx> <18467.13858.203078.97403@xxxxxxxxxxxxxxxxxxxxxxxx> <20080508172304.GB31908@xxxxxxxxxx> <18467.14318.921215.768838@xxxxxxxxxxxxxxxxxxxxxxxx> <20080508173023.GC31908@xxxxxxxxxx> <18468.29633.937355.26121@xxxxxxxxxxxxxxxxxxxxxxxx> <18473.52451.967004.377867@xxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.1 (gnu/linux) 
I'm looking at xen-unstable cset 17606 and 17646.  If I understand
your patches correctly, you attack the security problem in two places:

(1) make format probing never return raw, and

(2) provide means to specify the format explicitly, bypassing probing.

You put (2) in xenstore_parse_domain_config().  I can see how that
works for block devices defined in the domain configuration.  But what
about USB disks?  I created a guest with the following settings:

    usb = 1
    usbdevice = "disk:/var/lib/xen/images/usbkey.img"

This duly started qemu with arguments

    -usb -usbdevice disk:/var/lib/xen/images/usbkey.img

The -usbdevice argument is ultimately processed by usb_device_add(),
which calls usb_msd_init() to do the real work.  I think we get (1),
but not (2) there, i.e. your change breaks raw format USB disks.

Monitor command "usb_add" also runs usb_device_add(), so it should
have the same problem.

I suspect monitor command "change" has the same problem, too.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] Re: [bisected] Re: [PATCH 05 of 12] xen: add p2m mfn_list_list, Jeremy Fitzhardinge
Next by Date:  Re: [Xen-devel] is it possible to build two privileged domain at boot time?, Derek Murray
Previous by Thread:  Re: [Xen-devel] [PATCH] QEMU "drive_init()" Disk Format Security Bypass, Ian Jackson
Next by Thread:  Re: [Xen-devel] [PATCH] QEMU "drive_init()" Disk Format Security Bypass, Ian Jackson
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , XenSource, Inc. All rights reserved. Note: the xen.org trademark policy
is changing. For information please email legalxen.org, Legal and Privacy