[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RE: [Xen-devel] Re: domUloader kernel command line arguments?

Hi Ian,

On Fri, Mar 10, 2006 at 11:41:40PM -0000, Ian Pratt wrote:
> > > I know there were some complaints to the implementation,
> > 
> > I'm aware of two complaints
> > (1) security concerns (you _mount_ the FS in dom0)
> This is certainly a fair concern. I'd wager most linux filesystem code
> can quite easily be subverted by a maliciously crafted on-disk bit
> pattern.

You underestimate the quality of Linux FS. Keep in mind that these would
all be vulnerabilities that you'd be able to exploit by inserting CDs
or USB sticks as a normal user.
That said, it would certainly be good to audit the FS code and I would
expect that the kernel FS implementations are not prefect in that area,
especially not the less commonly used ones. FS metadata could have been
considered trusted prior to the invention of removable media. 

> > (2) the use of kpartx from multipath-tools which seems to be missing
> >     from some ancient distros
> Not so ancient... I've never managed to make kpartx work on anything
> other than a SuSE distro.

Should I try to provide multipath-tools RPMs/DEBs for other distros?

> > (1) is a feature and it's the reason why we probably will have pygrub
> >     coexist with domUloader :-(
> > (2) we could help, by using fdisk -l and losetup rather than kpartx
> >     if the latter is missing; though fdisk -l would limit the supported
> >     partition tables to DOS ones.
> I'm not a fan of pygrub as that requires very new versions of the
> filesystem libraries (to support "open2" and hence patition table
> offsets).
> Perhaps we should be considering having both in tree? I've somewhat lost
> track of where we are in the discussion as regards to support for Sun's
> UFS. Could someone please generate a summary?

I you want an fdisk -l losetup / lomount fallback for domUloader to make
it usable by more people, that would be something I could work on.

Kurt Garloff, Head Architect Linux, Novell Inc.

Attachment: pgpNHWM5Q2hh8.pgp
Description: PGP signature

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.