-
-
Notifications
You must be signed in to change notification settings - Fork 47
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
R4.1: qrexec protocol changes #4909
Closed
3 tasks
Labels
C: core
P: major
Priority: major. Between "default" and "critical" in severity.
release notes
This issue should be mentioned in the release notes.
T: enhancement
Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.
Milestone
Comments
marmarek
added
C: core
P: major
Priority: major. Between "default" and "critical" in severity.
release notes
This issue should be mentioned in the release notes.
labels
Mar 25, 2019
andrewdavidwong
added
the
T: enhancement
Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.
label
Mar 25, 2019
marmarek
added a commit
to QubesOS/qubes-doc
that referenced
this issue
Mar 31, 2019
marmarek
added a commit
to marmarek/qubes-core-admin-linux
that referenced
this issue
Apr 5, 2019
Use lower version from (local, remote). QubesOS/qubes-issues#4909
marmarek
added a commit
to marmarek/qubes-core-qrexec
that referenced
this issue
Apr 5, 2019
Use lower version from (local, remote). QubesOS/qubes-issues#4909
marmarek
added a commit
to marmarek/qubes-core-agent-linux
that referenced
this issue
Apr 8, 2019
Use lower version from (local, remote). QubesOS/qubes-issues#4909
marmarek
added a commit
to QubesOS/qubes-core-qrexec
that referenced
this issue
Apr 13, 2019
Use lower version from (local, remote). QubesOS/qubes-issues#4909
marmarek
added a commit
to marmarek/qubes-core-qrexec
that referenced
this issue
Apr 13, 2019
Use lower version from (local, remote). QubesOS/qubes-issues#4909
marmarek
added a commit
to marmarek/qubes-core-qrexec
that referenced
this issue
Apr 22, 2019
- allow agent to be older than daemon - save negotiated version for further use QubesOS/qubes-issues#4909
marmarek
added a commit
to marmarek/qubes-core-qrexec
that referenced
this issue
Apr 22, 2019
Vchan can hold (in current configuration) up to 64k of data in one go. Do not force context switches more often than it's necessary - increase max chunk size at qrexec protocol level too. This should be safe against deadlocks, as qrexec agent/client will adjust actual data chunk to available vchan buffer size anyway. This change require protocol version bump (coming in subsequent commit), as remote side validate the size. And since some VMs may be updated later, support old value too - based on negotiated protocol version. Make change in qrexec.h the way to produce compile error rather than unexpected (potentially unsafe result): do not increase existing MAX_DATA_CHUNK define, instead remove it and add MAX_DATA_CHUNK_V2 and MAX_DATA_CHUNK_V3. QubesOS/qubes-issues#4909
marmarek
added a commit
to marmarek/qubes-core-qrexec
that referenced
this issue
Apr 22, 2019
Model new MSG_TRIGGER_SERVICE (vm->dom0) on MSG_EXEC_CMDLINE - put service name at the end and make it arbitrary length, with length calculated from header's 'len' field. This also require adjusting qrexec-client-vm<->qrexec-agent protocol, which means qrexec-agent needs to be restarted on update, before that all calls will fail. Make it new protocol message (MSG_TRIGGER_SERVICE3) and preserve the old one for backward compatibility. QubesOS/qubes-issues#4909
marmarek
added a commit
to marmarek/qubes-core-qrexec
that referenced
this issue
Apr 22, 2019
marmarek
added a commit
to marmarek/qubes-core-qrexec
that referenced
this issue
Apr 23, 2019
- allow agent to be older than daemon - save negotiated version for further use QubesOS/qubes-issues#4909
marmarek
added a commit
to marmarek/qubes-core-qrexec
that referenced
this issue
Apr 23, 2019
Vchan can hold (in current configuration) up to 64k of data in one go. Do not force context switches more often than it's necessary - increase max chunk size at qrexec protocol level too. This should be safe against deadlocks, as qrexec agent/client will adjust actual data chunk to available vchan buffer size anyway. This change require protocol version bump (coming in subsequent commit), as remote side validate the size. And since some VMs may be updated later, support old value too - based on negotiated protocol version. Make change in qrexec.h the way to produce compile error rather than unexpected (potentially unsafe result): do not increase existing MAX_DATA_CHUNK define, instead remove it and add MAX_DATA_CHUNK_V2 and MAX_DATA_CHUNK_V3. QubesOS/qubes-issues#4909
marmarek
added a commit
to marmarek/qubes-core-qrexec
that referenced
this issue
Apr 23, 2019
Model new MSG_TRIGGER_SERVICE (vm->dom0) on MSG_EXEC_CMDLINE - put service name at the end and make it arbitrary length, with length calculated from header's 'len' field. This also require adjusting qrexec-client-vm<->qrexec-agent protocol, which means qrexec-agent needs to be restarted on update, before that all calls will fail. Make it new protocol message (MSG_TRIGGER_SERVICE3) and preserve the old one for backward compatibility. QubesOS/qubes-issues#4909
marmarek
added a commit
to marmarek/qubes-core-qrexec
that referenced
this issue
Apr 23, 2019
marmarek
added a commit
to marmarek/qubes-core-qrexec
that referenced
this issue
Apr 23, 2019
Model new MSG_TRIGGER_SERVICE (vm->dom0) on MSG_EXEC_CMDLINE - put service name at the end and make it arbitrary length, with length calculated from header's 'len' field. This also require adjusting qrexec-client-vm<->qrexec-agent protocol, which means qrexec-agent needs to be restarted on update, before that all calls will fail. Make it new protocol message (MSG_TRIGGER_SERVICE3) and preserve the old one for backward compatibility. QubesOS/qubes-issues#4909
marmarek
added a commit
to marmarek/qubes-core-qrexec
that referenced
this issue
Apr 23, 2019
marmarek
added a commit
to marmarek/qubes-core-qrexec
that referenced
this issue
May 18, 2019
- allow agent to be older than daemon - save negotiated version for further use QubesOS/qubes-issues#4909
marmarek
added a commit
to marmarek/qubes-core-qrexec
that referenced
this issue
May 18, 2019
marmarek
added a commit
to marmarek/qubes-core-qrexec
that referenced
this issue
May 18, 2019
Vchan can hold (in current configuration) up to 64k of data in one go. Do not force context switches more often than it's necessary - increase max chunk size at qrexec protocol level too. This should be safe against deadlocks, as qrexec agent/client will adjust actual data chunk to available vchan buffer size anyway. This change require protocol version bump (coming in subsequent commit), as remote side validate the size. And since some VMs may be updated later, support old value too - based on negotiated protocol version. Make change in qrexec.h the way to produce compile error rather than unexpected (potentially unsafe result): do not increase existing MAX_DATA_CHUNK define, instead remove it and add MAX_DATA_CHUNK_V2 and MAX_DATA_CHUNK_V3. QubesOS/qubes-issues#4909
marmarek
added a commit
to marmarek/qubes-core-qrexec
that referenced
this issue
May 18, 2019
Model new MSG_TRIGGER_SERVICE (vm->dom0) on MSG_EXEC_CMDLINE - put service name at the end and make it arbitrary length, with length calculated from header's 'len' field. This also require adjusting qrexec-client-vm<->qrexec-agent protocol, which means qrexec-agent needs to be restarted on update, before that all calls will fail. Make it new protocol message (MSG_TRIGGER_SERVICE3) and preserve the old one for backward compatibility. QubesOS/qubes-issues#4909
marmarek
added a commit
to marmarek/qubes-core-qrexec
that referenced
this issue
May 18, 2019
marmarek
added a commit
to marmarek/qubes-core-qrexec
that referenced
this issue
Jun 3, 2019
Vchan can hold (in current configuration) up to 64k of data in one go. Do not force context switches more often than it's necessary - increase max chunk size at qrexec protocol level too. This should be safe against deadlocks, as qrexec agent/client will adjust actual data chunk to available vchan buffer size anyway. This change require protocol version bump (coming in subsequent commit), as remote side validate the size. And since some VMs may be updated later, support old value too - based on negotiated protocol version. Make change in qrexec.h the way to produce compile error rather than unexpected (potentially unsafe result): do not increase existing MAX_DATA_CHUNK define, instead remove it and add MAX_DATA_CHUNK_V2 and MAX_DATA_CHUNK_V3. QubesOS/qubes-issues#4909
marmarek
added a commit
to marmarek/qubes-core-qrexec
that referenced
this issue
Jun 3, 2019
Model new MSG_TRIGGER_SERVICE (vm->dom0) on MSG_EXEC_CMDLINE - put service name at the end and make it arbitrary length, with length calculated from header's 'len' field. This also require adjusting qrexec-client-vm<->qrexec-agent protocol, which means qrexec-agent needs to be restarted on update, before that all calls will fail. Make it new protocol message (MSG_TRIGGER_SERVICE3) and preserve the old one for backward compatibility. QubesOS/qubes-issues#4909
marmarek
added a commit
to marmarek/qubes-core-qrexec
that referenced
this issue
Jun 3, 2019
This was referenced Jun 8, 2019
FYI, the above in the OP is a broken link. Thanks, |
Thanks, updated the links to point at the old (R4.0) version. |
copy_file still using 4KB buffer? https://github.com/QubesOS/qubes-linux-utils/blob/master/qrexec-lib/copy-file.c
|
marmarek
added a commit
to marmarek/qubes-core-agent-windows
that referenced
this issue
Jan 27, 2024
Do not fail immediately if service name with the argument is too long for the path name, but try the name without the argument anyway. Part of QubesOS/qubes-issues#4909
marmarek
added a commit
to marmarek/qubes-core-agent-windows
that referenced
this issue
Jan 27, 2024
Do not fail immediately if service name with the argument is too long for the path name, but try the name without the argument anyway. While at it, fix missing error handling for StringCchPrintf. Part of QubesOS/qubes-issues#4909
marmarek
added a commit
to marmarek/qubes-core-agent-windows
that referenced
this issue
Jan 31, 2024
Do not fail immediately if service name with the argument is too long for the path name, but try the name without the argument anyway. While at it, fix missing error handling for StringCchPrintf. Part of QubesOS/qubes-issues#4909
marmarek
added a commit
to marmarek/qubes-core-agent-windows
that referenced
this issue
Jan 31, 2024
Do not fail immediately if service name with the argument is too long for the path name, but try the name without the argument anyway. While at it, fix missing error handling for StringCchPrintf. Part of QubesOS/qubes-issues#4909
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
C: core
P: major
Priority: major. Between "default" and "critical" in severity.
release notes
This issue should be mentioned in the release notes.
T: enhancement
Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.
Over the time, few qrexec protocol changes have accumulated. Lets implement them in R4.1, since qrexec will get some other related changes too (#4370)
Planned qrexec protocol changes for R4.1:
MSG_EXEC_CMDLINE
). For compatibility reasons, this should be a new message (available only in a new protocol version).The text was updated successfully, but these errors were encountered: