> On Dec 16, 2016, at 12:43 AM, Jan Beulich <jbeul...@suse.com> wrote: > >>>> On 09.12.16 at 16:44, <ian.jack...@eu.citrix.com> wrote: >> + * - Any loop needs to be accompanied by calls to elf_iter_ok (or >> + * elf_iter_ok_counted). >> + * >> + * Rationale: the image must not be able to cause libelf to do >> + * unbounded work (ie, get stuck in a loop). > > As expressed before, I'm not convinced library code should be > concerned about caller restrictions.
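Review bot: the rule added to the comment ("Any loop needs to be accompanied by calls to elf_iter_ok (or elf_iter_ok_counted)") names two helpers but does not say when to pick one over the other, and it does not say what the loop has to do when the check fails. "Accompanied by" is also loose: state whether the call is required on every iteration. A sentence on each point would make the rule something a reviewer can check against a given loop, which is what the stated rationale (the image must not be able to cause unbounded work) needs.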
People designing toolstacks that call this function are likely to be thinking about domains and things, not, “What happens if I get a rogue elf image that causes this function to run forever?” I think if we can prevent libelf-source DoS bugs in all toolstacks that rely on libxl, then it makes sense to do so.

 -George