Re: [PATCH 1/2] tools: add configure option for disabling pygrub

On 08.08.23 12:56, Andrew Cooper wrote:
> On 04/08/2023 6:59 am, Juergen Gross wrote:
>> Add a "--disable-pygrub" option for being able to disable the build
>> and installation of pygrub.
>>
>> There are two main reasons to do so:
>>
>> - A main reason to use pygrub is to allow a PV guest to choose its
>>   bitness (32- or 64-bit). Pygrub allows that by looking into the boot
>>   image and to start the guest in the correct mode depending on the
>>   kernel selected. With 32-bit PV guests being deprecated and the
>>   possibility to even build a hypervisor without 32-bit PV support,
>>   this use case is gone for at least some configurations.
>>
>> - Pygrub is running in dom0 with root privileges. As it is operating
>>   on guest controlled data (the boot image) and taking decisions based
>>   on this data, there is a possible security issue.
>
> This isn't really a possible security issue. It's a high(er) security
> risk.

True. I'll s/possible security issue/higher security risk/.

> Pygrub is still security supported, so falls under the usual security
> process if an issue were to be found.
>
>> Not being possible to use pygrub is thus a step towards more security.
>
> IMO, the phrase you want to use here is "reduction in attack surface".

Thanks. I'll use that.

>> Default is still to build and install pygrub.
>>
>> Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
>> ---
>>  config/Tools.mk.in |  1 +
>>  tools/Makefile     |  2 +-
>>  tools/configure    | 26 ++++++++++++++++++++++++++
>>  tools/configure.ac |  1 +
>>  4 files changed, 29 insertions(+), 1 deletion(-)
>
> Shouldn't we have a patch to (lib)xl which provides a clean error
> message (rather than -ESRCH/etc) when the user selects
> bootloader=pygrub ?
>
> Fine to be a separate patch, but not something which wants forgetting.

I'll add it.

Juergen