Re: [Xen-users] Where does PyGrub run?
On 25 April 2012 20:27, Simon Hobson <linux@xxxxxxxxxxxxxxxx> wrote:
>
> eva wrote:
>
>> 1- if pygrub needs to mount the domU, why does it say this?
>> http://wiki.xen.org/wiki/PyGrub
>>
>> "This means that reading the guest filesystem does not require
>> mounting the filesystem"
>
> Read the sentence before that: "PyGrub accesses the guest filesystem using a
> userspace filesystem library ..."
>
> I.e., instead of mounting the image to copy the files, it uses a userspace
> library to access the filesystem. The difference is that if you just do a
> regular mount, then the filesystem is mounted by kernel level code in Dom0 -
> and there is a theoretic risk that if someone finds a vulnerability in that,
> they can use it to compromise Dom0 with a carefully crafted DomU filesystem.
> Using a userspace library means that while there's still a risk of
> compromising the system, they cannot "crash" it as they could be compromising
> kernel level code.
>

Hello Simon,

Thanks for answering. I read that part, but afterwards I read the link that Luke posted that says:

"The problem with PyGRUB is that while it’s a good simulation of a bootloader, it has to mount the domU partition"

http://wiki.prgmr.com/mediawiki/index.php/Chapter_7:_Hosting_Untrusted_Users_Under_Xen:_Lessons_from_the_Trenches#PV-GRUB:_A_SAFER_ALTERNATIVE_TO_PYGRUB.3F

..hence my confusion.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users