Comment 2 for bug 1074087
Revision history for this message
| Erica Windisch (ewindisch) wrote Re: Xen migration driver should use execvp | #2 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
a60fb26
(Get the code!)
I've looked further and realized that the user variable is clearly not a vector.
Someone could clearly exploit a Xen host through this method given access to the database or messaging bus. Through said such mechanism, they could also trigger a host to send them the contents of a guest's disk over the network. Of course, such things may be true in many places throughout Nova today.
There doesn't appear to be any variables used in this function that is sourced directly from user input in an otherwise normally operating and secure deployment.