
Re: [PATCH 1/2] tools: add configure option for disabling pygrub


  • To: Juergen Gross <jgross@xxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Tue, 8 Aug 2023 11:56:38 +0100
  • Cc: Wei Liu <wl@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>
  • Delivery-date: Tue, 08 Aug 2023 10:57:05 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 04/08/2023 6:59 am, Juergen Gross wrote:
> Add a "--disable-pygrub" option for being able to disable the build
> and installation of pygrub.
>
> There are two main reasons to do so:
>
> - A main reason to use pygrub is to allow a PV guest to choose its
>   bitness (32- or 64-bit). Pygrub allows that by looking into the boot
>   image and to start the guest in the correct mode depending on the
>   kernel selected. With 32-bit PV guests being deprecated and the
>   possibility to even build a hypervisor without 32-bit PV support,
>   this use case is gone for at least some configurations.
>
> - Pygrub is running in dom0 with root privileges. As it is operating
>   on guest controlled data (the boot image) and taking decisions based
>   on this data, there is a possible security issue.

This isn't really a possible security issue.  It's a high(er) security risk.

Pygrub is still security supported, so falls under the usual security
process if an issue were to be found.

>  Not being possible
>   to use pygrub is thus a step towards more security.

IMO, the phrase you want to use here is "reduction in attack surface".

> Default is still to build and install pygrub.
>
> Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
> ---
>  config/Tools.mk.in |  1 +
>  tools/Makefile     |  2 +-
>  tools/configure    | 26 ++++++++++++++++++++++++++
>  tools/configure.ac |  1 +
>  4 files changed, 29 insertions(+), 1 deletion(-)

Shouldn't we have a patch to (lib)xl which provides a clean error
message (rather than -ESRCH/etc) when the user selects bootloader=pygrub?

Fine to be a separate patch, but not something which wants forgetting.

~Andrew



 

