> On 11 Nov 2015, at 09:59, Lars Kurth wrote:
>
>>> but it doesn't seem
>>> to have a lot of community effort behind it and it too attempts to
>>> install dependencies on my machine and wants to be run with sudo.
>>
>> I believe it has a mode where it simply checks for dependencies and tells
>>
On Fri, 6 Nov 2015, Joanna Rutkowska wrote:
> Can we, the Qubes OS project, or myself personally, help with implementing the
> above suggestions? Sadly, no. While some of us do contribute occasional patches
> to Xen (specifically Marek Marczykowski-Górecki), we really work for a different
> p
On Mon, Nov 09, 2015 at 03:48:42PM -0600, Doug Goldstein wrote:
[...]
> As far as the compile time support goes I'm aiming for this as well.
> I've been working on Kconfig support and hope to get that pushed soon
> and the idea being that less mature features can be kept off until
> they're ready t
> On 11 Nov 2015, at 09:43, Ian Campbell wrote:
>
>> Project Raisin is aiming to help with this
>
> Indeed, and it might also allow us to make some of the above options the
> default in the future.
>
> Maybe in the meantime perhaps a ./configure --ensure-offline or
> --disable-downloads which
On Mon, 2015-11-09 at 15:48 -0600, Doug Goldstein wrote:
>
> I'll echo this sentiment as well. Most distro packagers will dislike
> this and need to work around some of this behavior in their respective
> distros.
This is something we have been working upstream to address as well. As it
stands I
+1... so many great points here that I've thought many times it's almost as
if I could have written it
great post!
chris
On Fri, Nov 6, 2015 at 12:22 PM, Joanna Rutkowska <
joa...@invisiblethingslab.com> wrote:
> Hello,
>
> Recently Xen has rele
On 11/6/15 11:22 AM, Joanna Rutkowska wrote:
> Hello,
>
> Recently Xen has released the XSA-148 advisory [1] addressing a fatal bug in the
> hypervisor. The bug has been lurking there for the last 7 years! We, the Qubes
> OS Project, have commented on this in our Security Bulletin #22 [2]. And
>>> On 06.11.15 at 18:22, wrote:
> 1. First of all, I wish Xen was somehow more defensively coded. To provide some
> examples:
>
> a. In XSA-109 [5] there was a problem with the hypervisor dereferencing a NULL
> pointer. The problem was fixed by the Xen Security Team by applying a patch
> w
Well exposed, thank you Joanna.
Just one question: does anybody know which EAL level Xen has been certified
for?
The question may seem stupid, but I wonder if the approach of closing
execution path can survive semiformal or formal verification.
Thanks
L.
On Friday, November 6, 2015 at 10:24:00 AM UTC-7, joanna wrote:
>
> Hello,
>
> Recently Xen has released the XSA-148 advisory [1] addressing a fatal bug in the
> hypervisor. The bug has been lurking there for the last 7 years! We, the
>
On Fri, Nov 06, 2015, Joanna Rutkowska wrote:
> [snip] I was then asked to share some more
> thoughts about how I thought Xen could actually improve its security
> process [4].
Thanks Joanna for taking the time to put these thoughts into writing.
I think there are a number of actionable things here
Hello,
Recently Xen has released the XSA-148 advisory [1] addressing a fatal bug in the
hypervisor. The bug has been lurking there for the last 7 years! We, the Qubes
OS Project, have commented on this in our Security Bulletin #22 [2]. And far
from en