Re: [Xen-users] Where does PyGrub run?
On 28 April 2012 05:42, Luke S. Crawford <lsc@xxxxxxxxx> wrote:
Technically, mine is wrong; it uses libfsimage to pull the kernel out
of the block device, it doesn't mount it. But that has many of the
dangers of mounting directly. (As someone else pointed out, I think,
libfsimage can be run as something other than root, as long as it has read
access to the block device, and that helps some, though by default I think
it does run as root. But pvgrub runs entirely within the guest, so there
is no way a problem in pvgrub can lead to a dom0 compromise.)
Note, pvgrub also protects you from, say, exploits in the code used to
decompress the kernel; with pvgrub, the kernel is uncompressed within
the DomU.
> In that link I see the answer to your other query. In there, in
> extolling the virtues of pvgrub, the author is hinting (but
> explicitly stating) that he is providing a read-only volume which the
> end user (DomU owner) cannot modify. In that read-only partition, he
> has a basic (rescue) system which the DomU always boots "through" -
> thus the end user can never ever completely trash his DomU to the
> point that it won't boot anything.
> My guess is that he has GRUB installed in the rescue partition, with
> two entries - rescue and user. Rescue boots into the rescue system,
> user (the default) chain loads a GRUB config from the user's normal
> partition. In normal operation, the DomU will load the read-only
> GRUB, chainload the user's GRUB, and then boot the user's OS. If the
> user screws it up, he can interrupt the initial GRUB, boot into the
> rescue system, and from there fix his own system.
Exactly.
Thank you guys for helping me clarify this point.
Regards, Eva
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users