On 10/16/2017 11:55 AM, Ian Jackson wrote:
Ross Lagerwall writes ("[PATCH v2 2/2] xentoolcore_restrict_all: Implement for libxenevtchn"):
Signed-off-by: Ross Lagerwall <ross.lagerw...@citrix.com>
...
int osdep_evtchn_open(xenevtchn_handle *xce);
diff --git a/tools/libs/toolcore/include/xentoolcore.h
b/tools/libs/toolcore/include/xentoolcore.h
index be6c570..ef9c670 100644
--- a/tools/libs/toolcore/include/xentoolcore.h
+++ b/tools/libs/toolcore/include/xentoolcore.h
@@ -31,11 +31,6 @@
* Arranges that Xen library handles (fds etc.) which are currently held
* by Xen libraries, can no longer be used other than to affect domid.
*
- * Does not prevent effects that amount only to
- * - denial of service, possibly host-wide, by resource exhaustion etc.
- * - leak of not-very-interesting metainformation about other domains
- * eg, specifically, event channel signals relating to other domains
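Review bot: The removal of the whole "Does not prevent effects that amount only to" paragraph also drops the "denial of service, possibly host-wide, by resource exhaustion etc." caveat, which nothing visible in this patch addresses. Restricting libxenevtchn handles speaks only to the second bullet (event channel signals relating to other domains), so consider keeping the introductory line and the denial-of-service bullet and deleting just the metainformation bullet. Callers of xentoolcore_restrict_all read this comment as the statement of what the restriction guarantees, so it should not promise more than the implementation delivers.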
Are we sure that all possible resource exhaustion attacks are now
excluded?
No, I'm not sure. I'll keep the first point for now.
--
Ross Lagerwall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel