>>> On 16.12.16 at 12:43, wrote:
> Jan Beulich writes ("Re: [PATCH 8/8] libelf: safety: Document safety
> principles in header file"):
>> On 09.12.16 at 16:44, wrote:
>> > + * - Stack local buffer variables containing information derived
>>> On 16.12.16 at 12:33, wrote:
> George Dunlap writes ("Re: [PATCH 8/8] libelf: safety: Document safety
> principles in header file"):
>> > On Dec 16, 2016, at 12:43 AM, Jan Beulich wrote:
>> > As expressed before, I'm not convinced library code
Jan Beulich writes ("Re: [PATCH 8/8] libelf: safety: Document safety principles
in header file"):
> On 09.12.16 at 16:44, wrote:
> > + * - Stack local buffer variables containing information derived from
> > + *the image (including structs, or byte buffers) must
George Dunlap writes ("Re: [PATCH 8/8] libelf: safety: Document safety
principles in header file"):
> > On Dec 16, 2016, at 12:43 AM, Jan Beulich wrote:
> > As expressed before, I'm not convinced library code should be
> > concerned about caller restrictions.
I'm not sure
> On Dec 16, 2016, at 12:43 AM, Jan Beulich wrote:
>
On 09.12.16 at 16:44, wrote:
>> + * - Any loop needs to be accompanied by calls to elf_iter_ok (or
>> + *elf_iter_ok_counted).
>> + *
>> + *Rationale: the image must not be able
>>> On 09.12.16 at 16:44, wrote:
> +/*
> + * DESIGN PRINCIPLES FOR THE SAFETY OF LIBELF
> + *
> + * libelf is a complex piece of code on a security boundary: when
> + * built as part of the tools, it parses guest kernels and loads them
> + * into guest memory. Bugs in
Signed-off-by: Ian Jackson
---
xen/include/xen/libelf.h | 92
1 file changed, 92 insertions(+)
diff --git a/xen/include/xen/libelf.h b/xen/include/xen/libelf.h
index 6436bd7..8b75242 100644
---