projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5073c6b) | patch
tools/xenstore: avoid watch events for nodes without access
authorJuergen Gross <jgross@suse.com>
Thu, 11 Jun 2020 14:12:46 +0000 (16:12 +0200)
committerJan Beulich <jbeulich@suse.com>
Tue, 15 Dec 2020 13:06:21 +0000 (14:06 +0100)
commit0a79a1b1d8fc6214f162b2d7b00f5d3533109820
tree41abeca5f7736705c9a20a3057f067a5d0123abetree | snapshot
parent5073c6b169dd12ec02afc145d4177f97831646e0commit | diff
tools/xenstore: avoid watch events for nodes without access

Today watch events are sent regardless of the access rights of the
node the event is sent for. This enables any guest to e.g. setup a
watch for "/" in order to have a detailed record of all Xenstore
modifications.

Modify that by sending only watch events for nodes that the watcher
has a chance to see otherwise (either via direct reads or by querying
the children of a node). This includes cases where the visibility of
a node for a watcher is changing (permissions being removed).

This is part of XSA-115.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Julien Grall <jgrall@amazon.com>
Reviewed-by: Paul Durrant <paul@xen.org>
tools/xenstore/xenstored_core.c diff | blob | history
tools/xenstore/xenstored_core.h diff | blob | history
tools/xenstore/xenstored_domain.c diff | blob | history
tools/xenstore/xenstored_transaction.c diff | blob | history
tools/xenstore/xenstored_watch.c diff | blob | history
tools/xenstore/xenstored_watch.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.