[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] boot loaders for domain != 0
Ian Pratt wrote: For what it's worth, I think doing a quick mount, read, and then umount is the easiest approach since it extends well to doing things like peeking at an ISO's contents by mounting an ISO image. Using libraries would probably introduce some nasty dependencies without really gaining much...From a security POV, using libext2 etc would be raher better. I just don't trust Linux to be defensive enough mounting a potentially malicious bag of bits. [I once came across an ext2 file systems that deterministically crashed Linux whenever I mounted it. It's been a couple of years, but I reckon such bugs are still lurking.] Then libext2 would have to run as a non-root user, and feed its output to a root process doing the actual domain building, assuming that there is no way of making the domain builder or libz choke on the kernel image that is... For real security, all this stuff has to be happen within the domU. In a perfect world, privileged code should never read user-supplied data, but given that this world is not perfect, you could relax that to not reading any variable-length user-supplied data. Given that both the (perhaps compressed) ELF image and the Ext2 filesystem contain variable-length data, neither should be read by code in dom0. Jacob ------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |