Further improve vmm's security model by restricting pledged vmm - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	reyk <reyk@openbsd.org>	2016-10-29 09:24:54 +0000
committer	reyk <reyk@openbsd.org>	2016-10-29 09:24:54 +0000
commit	c108b2f167e5a4b02a788d3dd65b13a3c4fd490f (patch)
tree	483a6fdbcafd1bdad5fba75b9f29eec4268794a8 /lib/libc/stdlib/malloc.c
parent	Make snmpctl compile again after the env -> snmpd_env rename in snmpd's (diff)
download	wireguard-openbsd-c108b2f167e5a4b02a788d3dd65b13a3c4fd490f.tar.xz wireguard-openbsd-c108b2f167e5a4b02a788d3dd65b13a3c4fd490f.zip

Further improve vmm's security model by restricting pledged vmm

processes to only do VMM_IOC_ ioctls on their associated VM (these ioctls are _RUN, _RESETCPU, _INTR, _READREGS, or _WRITEREGS at present). The vmm monitor (parent) process or any non-pledged processes can still do ioctls on any VM. For example, a VM can only terminate itself but vmctl or the monitor can terminate any VM. This prevents reachover into other VMs: while escaping from a VM to the host side (eg. through a bug in virtio etc.) pledge already kept the attacker in a pledged and privsep'ed process, but now it also prevents vmm ioctls on "other VMs". OK mlarkin@

Diffstat (limited to 'lib/libc/stdlib/malloc.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: