projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0ecf795) | patch
tools/xenstore: avoid watch events for nodes without access
authorJuergen Gross <jgross@suse.com>
Thu, 11 Jun 2020 14:12:46 +0000 (16:12 +0200)
committerHans van Kranenburg <hans@knorrie.org>
Tue, 15 Dec 2020 11:28:46 +0000 (12:28 +0100)
commit6f6f16438755a13c3959c8bb7098cc5c15f7e334
tree371e23c1e83b0cbf12c10d109ce68750658a8bactree | snapshot
parent0ecf7959153a9b9b5c362c872dcd4e3ef24269c6commit | diff
tools/xenstore: avoid watch events for nodes without access

Today watch events are sent regardless of the access rights of the
node the event is sent for. This enables any guest to e.g. setup a
watch for "/" in order to have a detailed record of all Xenstore
modifications.

Modify that by sending only watch events for nodes that the watcher
has a chance to see otherwise (either via direct reads or by querying
the children of a node). This includes cases where the visibility of
a node for a watcher is changing (permissions being removed).

This is part of XSA-115.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Julien Grall <jgrall@amazon.com>
Reviewed-by: Paul Durrant <paul@xen.org>
tools/xenstore/xenstored_core.c diff | blob | history
tools/xenstore/xenstored_core.h diff | blob | history
tools/xenstore/xenstored_domain.c diff | blob | history
tools/xenstore/xenstored_transaction.c diff | blob | history
tools/xenstore/xenstored_watch.c diff | blob | history
tools/xenstore/xenstored_watch.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.