| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20130522201957.GD20848@thunk.org> Date: Wed, 22 May 2013 16:19:57 -0400 From: Theodore Ts'o <tytso@....edu> To: Paolo Bonzini <pbonzini@...hat.com> Cc: "Martin K. Petersen" <martin.petersen@...cle.com>, Tejun Heo <tj@...nel.org>, "James E.J. Bottomley" <JBottomley@...allels.com>, Jens Axboe <axboe@...nel.dk>, linux-kernel@...r.kernel.org, linux-scsi@...r.kernel.org Subject: Re: PING^7 (was Re: [PATCH v2 00/14] Corrections and customization of the SG_IO command whitelist (CVE-2012-4542)) On Wed, May 22, 2013 at 09:37:54PM +0200, Paolo Bonzini wrote: > > If it's not theoretical, how does the cloud service control who has > > access to the CD burner, and how are the disks loaded into the CD > > burner? > > CD burning would be used in a VM that runs on your local workstation, so > the VM gets access to the CD burner under your desk. There was also a > developer of a CD burning tool that wanted to test it inside BSD, > Solaris and Windows VMs; the idea is the same. So in both cases all of the VM's and the host OS are within the same trust boundary. This simplifies the security requirements than in the more generic cloud server caser where the VM's are mutually suspicious. This simplifies the requirements of what we need to push into the kernel, yes? - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists