
Re: [Xen-users] Where does PyGrub run?



On 25 April 2012 20:27, Simon Hobson <linux@xxxxxxxxxxxxxxxx> wrote:
>
> eva wrote:
>
>> 1- if pygrub needs to mount the domU, why does it say this?
>> http://wiki.xen.org/wiki/PyGrub
>>
>> "This means that reading the guest filesystem does not require
>> mounting the filesystem"
>
>
> Read the sentence before that: "PyGrub accesses the guest filesystem using a 
> userspace filesystem library ..."
>
> I.e., instead of mounting the image to copy the files, it uses a userspace 
> library to access the filesystem. The difference is that if you just do a 
> regular mount, then the filesystem is mounted by kernel level code in Dom0 - 
> and there is a theoretic risk that if someone finds a vulnerability in that, 
> they can use it to compromise Dom0 with a carefully crafted DomU filesystem. 
> Using a userspace library means that while there's still a risk of 
> compromising the system, they cannot "crash" it as they could be compromising 
> kernel level code.
>
>

Hello Simon,

Thanks for answering. I read that part, but afterwards I read the link
that Luke posted that says:

"The problem with PyGRUB is that while it’s a good simulation of a
bootloader, it has to mount the domU partition"

 
http://wiki.prgmr.com/mediawiki/index.php/Chapter_7:_Hosting_Untrusted_Users_Under_Xen:_Lessons_from_the_Trenches#PV-GRUB:_A_SAFER_ALTERNATIVE_TO_PYGRUB.3F

..hence my confusion.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users
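
The distinction discussed in this message, as an added example that is not part of the thread and is not PyGrub's code: an ordinary process reads ext2 superblock fields straight from image bytes, with no mount, and treats every guest-supplied field as untrusted. The function names, the constructed 64 KiB sample image and the specific range checks are assumptions made for illustration.

```python
import struct

SB_OFFSET = 1024    # the ext2 superblock starts 1024 bytes into the volume
SB_MAGIC = 0xEF53   # s_magic, a little-endian u16 at superblock offset 56


def read_superblock(image: bytes) -> dict:
    """Parse ext2 superblock fields from raw bytes; nothing is mounted."""
    if len(image) < SB_OFFSET + 58:
        raise ValueError("image too short to hold a superblock")
    inodes, blocks = struct.unpack_from("<II", image, SB_OFFSET)
    (log_bs,) = struct.unpack_from("<I", image, SB_OFFSET + 24)
    (per_group,) = struct.unpack_from("<I", image, SB_OFFSET + 32)
    (magic,) = struct.unpack_from("<H", image, SB_OFFSET + 56)
    # Every field comes from the guest, so check it before using it.
    if magic != SB_MAGIC:
        raise ValueError("bad magic")
    if log_bs > 6:
        raise ValueError("implausible block size")
    block_size = 1024 << log_bs
    if not 0 < per_group <= 8 * block_size:
        raise ValueError("blocks per group out of range")
    if blocks == 0 or blocks * block_size > len(image):
        raise ValueError("block count does not fit the image")
    return {"inodes": inodes, "blocks": blocks,
            "block_size": block_size, "blocks_per_group": per_group}


def make_image(blocks=64, log_bs=0, per_group=8192, magic=SB_MAGIC) -> bytes:
    """Constructed sample: a 64 KiB zeroed image holding only a superblock."""
    img = bytearray(64 * 1024)
    struct.pack_into("<II", img, SB_OFFSET, 16, blocks)
    struct.pack_into("<I", img, SB_OFFSET + 24, log_bs)
    struct.pack_into("<I", img, SB_OFFSET + 32, per_group)
    struct.pack_into("<H", img, SB_OFFSET + 56, magic)
    return bytes(img)


if __name__ == "__main__":
    print(read_superblock(make_image()))
    # Hostile field values end in an exception inside this process.
    for bad in (make_image(log_bs=31), make_image(blocks=2**31),
                make_image(per_group=0)):
        try:
            read_superblock(bad)
        except ValueError as err:
            print("rejected:", err)
```

A malformed image here ends in a `ValueError` inside one unprivileged process, whereas a regular mount hands the same bytes to the filesystem driver in the Dom0 kernel.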
