Re: [PATCH v3 3/3] xen/privcmd: add IOCTL_PRIVCMD_RESTRICT

From: Boris Ostrovsky
Date: Mon Feb 13 2017 - 14:20:47 EST




On 02/13/2017 12:03 PM, Paul Durrant wrote:
> The purpose of this ioctl is to allow a user of privcmd to restrict its
> operation such that it will no longer service arbitrary hypercalls via
> IOCTL_PRIVCMD_HYPERCALL, and will check for a matching domid when
> servicing IOCTL_PRIVCMD_DM_OP.

and IOCTL_PRIVCMD_MMAP*.

> The aim of this is to limit the attack
> surface for a compromised device model.


-boris