Re: [Xen-devel] Livepatching and Xen Security

2017-05-22 Thread Konrad Rzeszutek Wilk
> > 1. Having tested live-patching thoroughly for at least some version of the codebase
> >
> > 2. Having tested live-patching for one of the Xen 4.9 RCs.
> >
> > Thoughts?
>
> As a statement of what XenServer is doing:

As a statement of what Oracle is doing. We have been using livepatching

Re: [Xen-devel] Livepatching and Xen Security

2017-05-19 Thread Ian Jackson
Andrew Cooper writes ("Re: [Xen-devel] Livepatching and Xen Security"):
> livepatching doesn't use libelf.
>
> It is a new ELF parsing implementation.

I don't think we care very much about bugs in the livepatching elf parser. The livepatches are all completely trus

Re: [Xen-devel] Livepatching and Xen Security

2017-05-19 Thread Andrew Cooper
On 19/05/17 15:32, Wei Liu wrote:
> On Thu, May 18, 2017 at 08:07:00PM +0100, Andrew Cooper wrote:
>> I would ask however how confident we are that there are no ELF parsing bugs in the code? I think it might be very prudent to try and build a userspace harness for it and let ALF have a go.
>

Re: [Xen-devel] Livepatching and Xen Security

2017-05-19 Thread Wei Liu
On Thu, May 18, 2017 at 08:07:00PM +0100, Andrew Cooper wrote:
> I would ask however how confident we are that there are no ELF parsing bugs in the code? I think it might be very prudent to try and build a userspace harness for it and let ALF have a go.
>

There is already a fuzzing harness i

Re: [Xen-devel] Livepatching and Xen Security

2017-05-18 Thread Andrew Cooper
On 18/05/17 17:40, George Dunlap wrote:
> There are four general areas I think there may be bugs.
>
> ## Unprivileged access to Livepatching hypercalls
>
> ## Bugs in the patch creation tools which create patches with vulnerabilities
>
> ## Bugs in the patch-application code such that vulnerabiliti

Re: [Xen-devel] Livepatching and Xen Security

2017-05-18 Thread Lars Kurth
On 18/05/2017 17:53, "Ian Jackson" wrote:
>George Dunlap writes ("Livepatching and Xen Security"):
>> # Executive summary
>
>I am completely in agreement with your analysis and your conclusions.

Me too. I am not sure though whether we need a vote or lazy consensus. For Credit2 (see https://l

Re: [Xen-devel] Livepatching and Xen Security

2017-05-18 Thread Ian Jackson
George Dunlap writes ("Livepatching and Xen Security"):
> # Executive summary

I am completely in agreement with your analysis and your conclusions.

Ian.

[Xen-devel] Livepatching and Xen Security

2017-05-18 Thread George Dunlap
# Executive summary

* It is important for the Livepatching feature to be declared "security supported".
* At the moment it's not clear whether we can get osstest support in by the release or not, or if we did whether that would be considered sufficient to consider it supported
* I would argue th