Dear all,
In certain cases, when a client doesn't have enough permissions, the
errno variable is not set in xenstored_core.c before its value is
reported back. As a result, the client can learn about the errno of the
last failed request to xenstored (which could have come from another
client). (An unintended information channel! :-)
Attached is a patch that I believe fixes the problem. Also included are
a couple of test cases that demonstrate the problem.
Cheers,
Magnus
In certain cases, when a client doesn't have enough permissions, the
errno variable is not set in xenstored_core.c before its value is
reported back. As a result, the client can learn about the errno of the
last failed request to xenstored (which could have come from another
client). (An unintended information channel! :-)
Attached is a patch that I believe fixes the problem. Also included are
a couple of test cases that demonstrate the problem.
Cheers,
Magnus