thr3ads.net - Xen devel - [Xen-devel] I/O port access permission [Aug 2006]

If this information is useful, please help other people find it:
Share via:

Jan Beulich

2006-Aug-01 15:02 UTC

[Xen-devel] I/O port access permission

Isn''t it inconsistent (and perhaps to be considered a security hole)
that construct_dom0() specifically revokes access for a small group of
ports, but DOM0_IOPORT_PERMISSION blindly grants access to any ports
(including the ''special'' ones) and any domain?

Thanks, Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Keir Fraser

2006-Aug-01 15:37 UTC

head link

Re: [Xen-devel] I/O port access permission

On 1 Aug 2006, at 16:02, Jan Beulich wrote:
> Isn''t it inconsistent (and perhaps to be considered a security
hole)
> that construct_dom0() specifically revokes access for a small group of
> ports, but DOM0_IOPORT_PERMISSION blindly grants access to any ports
> (including the ''special'' ones) and any domain?
>
> Thanks, Jan
The intention was sane start-of-day settings, not absolute security. We 
could add an ''absolutely no access'' rangeset but it''s
not clear it''s
worth it.

  -- Keir


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Xen devel - Aug 2006 - I/O port access permission

[Xen-devel] I/O port access permission

Re: [Xen-devel] I/O port access permission