]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b70b354) | patch
dev/xenstore: prevent transaction hijacking
authorroyger <royger@FreeBSD.org>
Thu, 24 May 2018 10:18:31 +0000 (10:18 +0000)
committerroyger <royger@FreeBSD.org>
Thu, 24 May 2018 10:18:31 +0000 (10:18 +0000)
commit6cf2249c03bf1e38ff675297b4c8f860d24c0800
treeec9b2ca2936a46a1588f9b5fdcee88032183c5bftree | snapshot
parentb70b354c71224ee980134d8271eca5946ee7bf9ccommit | diff
dev/xenstore: prevent transaction hijacking

The user-space xenstore device is currently lacking a check to make
sure that the caller is only using transaction ids currently assigned
to it. This allows users of the xenstore device to hijack transactions
not started by them, although the scope is limited to transactions
started by the same domain.

Tested by:      Nathan Friess <nathan.friess@gmail.com>
Sponsored by:   Citrix Systems R&D
sys/dev/xen/xenstore/xenstore_dev.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.