[Pkg-xen-devel] Security module (Flask) support should be disabled

Ian Jackson Ian.Jackson at eu.citrix.com
Mon Jun 9 16:25:33 UTC 2008


I notice that the Flask / ACM security module support has been enabled
in the latest Debian Xen packages.  I'm afraid I think this is a
mistake.

In our opinion this code is of very poor quality.  It is certainly
ill-tested and not widely used.

We (XenSource/Citrix) have received more than one serious
vulnerability report, of problems which make an installation with the
Flask support compiled in much less secure than one without (as
opposed to simply failures to provide the additional security
properties intended).

We have passed these reports upstream to the contributors of the Flask
system but even after a substantial time we have not had a
satisfactory resolution.  Sadly these reports are still embargoed so I
can't go into more detail.

I can say that we're considering deprecating or even completely
removing this facility in a future release.  Certainly I would
recommend against deploying a Xen with Flask compiled in.

Ian.


