projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 190ddd3) | patch
tools/xenstore: avoid watch events for nodes without access
authorJuergen Gross <jgross@suse.com>
Tue, 15 Dec 2020 12:34:58 +0000 (13:34 +0100)
committerJan Beulich <jbeulich@suse.com>
Tue, 15 Dec 2020 12:34:58 +0000 (13:34 +0100)
commite47f438df3bdffe213b6bd28245504c8c7fe367a
tree9f8949215d85d7f8b58ba2afeadea879954487b1tree | snapshot
parent190ddd3403bad28167a070388a904b02b956093ccommit | diff
tools/xenstore: avoid watch events for nodes without access

Today watch events are sent regardless of the access rights of the
node the event is sent for. This enables any guest to e.g. setup a
watch for "/" in order to have a detailed record of all Xenstore
modifications.

Modify that by sending only watch events for nodes that the watcher
has a chance to see otherwise (either via direct reads or by querying
the children of a node). This includes cases where the visibility of
a node for a watcher is changing (permissions being removed).

This is part of XSA-115.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Julien Grall <jgrall@amazon.com>
Reviewed-by: Paul Durrant <paul@xen.org>
tools/xenstore/xenstored_core.c diff | blob | history
tools/xenstore/xenstored_core.h diff | blob | history
tools/xenstore/xenstored_domain.c diff | blob | history
tools/xenstore/xenstored_transaction.c diff | blob | history
tools/xenstore/xenstored_watch.c diff | blob | history
tools/xenstore/xenstored_watch.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.