Demi Marie Obenour [d...@invisiblethingslab.com] wrote: > Linux???s netfront and blkfront drivers recently had a security > vulnerability (XSA-396) that allowed a malicious backend to potentially > compromise them. In follow-up audits, I found that OpenBSD???s xnf(4) > currently trusts the backend domain. I reported this privately to Theo > de Raadt, who indicated that OpenBSD does not consider this to be a > security concern. >
A malicious backend could completely compromise the virtual host in an infinite number of ways. Perhaps a small patch to find incorrect values would be of value, but even then, a patch would only be a very slight improvment. If you patch the manual page, should OpenBSD start putting notifications in all manual pages that a compromised virtual machine backend may compromise the integrity of the virtual host? Chris
