Re: PING^7 (was Re: [PATCH v2 00/14] Corrections and customizationof the SG_IO command whitelist (CVE-2012-4542))

[Theodore Ts'o]

On Wed, May 22, 2013 at 09:37:54PM +0200, Paolo Bonzini wrote:
> > If it's not theoretical, how does the cloud service control who has
> > access to the CD burner, and how are the disks loaded into the CD
> > burner?
> 
> CD burning would be used in a VM that runs on your local workstation, so
> the VM gets access to the CD burner under your desk.  There was also a
> developer of a CD burning tool that wanted to test it inside BSD,
> Solaris and Windows VMs; the idea is the same.

So in both cases all of the VM's and the host OS are within the same
trust boundary.  This simplifies the security requirements than in the
more generic cloud server caser where the VM's are mutually
suspicious.  This simplifies the requirements of what we need to push
into the kernel, yes?

						- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/