| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 02 Jan 2013 10:54:51 -0500 From: Daniel De Graaf <dgdegra@...ho.nsa.gov> To: Tamas Lengyel <tamas.lengyel@...tific.com> CC: konrad.wilk@...cle.com, jeremy@...p.org, xen-devel@...ts.xensource.com, linux-kernel@...r.kernel.org Subject: Re: [PATCH] Access control in Xen privcmd_ioctl_mmap On 12/31/2012 03:44 PM, Tamas Lengyel wrote: > In the privcmd Linux driver two checks in the functions > privcmd_ioctl_mmap and privcmd_ioctl_mmap_batch are not needed as they > are trying to enforce hypervisor-level access control. They should be > removed as they break secondary control domains when performing dom0 > disaggregation. Xen itself provides adequate security controls around > these hypercalls and these checks prevent those controls from > functioning as intended. > > The patch applies to the stable Linux 3.7.1 kernel. It also applies to (and I have tested it on) 3.8-rc1. > Signed-off-by: Tamas K Lengyel <tamas.lengyel@...tific.com> > Cc: Daniel De Graaf <dgdegra@...ho.nsa.gov> > Cc: xen-devel@...ts.xensource.com > Cc: linux-kernel@...r.kernel.org Acked-by: Daniel De Graaf <dgdegra@...ho.nsa.gov> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists