[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 0/6] Pygrub security enhancements and bugfixes

To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Alejandro Vallejo <alejandro.vallejo@xxxxxxxxx>
Date: Mon, 6 Nov 2023 15:05:02 +0000
Cc: Alejandro Vallejo <alejandro.vallejo@xxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>
Delivery-date: Mon, 06 Nov 2023 15:05:26 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

A few extra bugfixes and security enhancements for pygrub.

The biggest security enhacement is the removal of filesystem permissions
from the depriv thread of pygrub. This is possible on newer versions of
e2fsprogs, as it has an interface to consume file descriptors rather than
file paths.

Bug fixes
=========

Patch 1: Properly confines the mount namespace in Linux systems and
         corrects an incorrect statement about older Linux kernels being
         buggy with them. With this patch, mounts done inside the namespace
         disappear altogether after the last process is killed.
Patch 2: Fixes a bug preventing setting the LIMIT_FSIZE override

Security enhancements
=====================

Patch 3: Limits the amount of memory pygrub can chew
Patch 4: Tweaks libfsimage to support a new interface ( fdopen() ) which
         allows passing file descriptors rather than paths
Patch 5: Modifies the python bindings to grant access to the new interface
Patch 6: Modifies pygrub to open every required file before depriv.

Alejandro Vallejo (6):
  tools/pygrub: Set mount propagation to private recursively
  tools/pygrub: Fix bug in LIMIT_FSIZE env variable override
  tools/pygrub: Restrict depriv operation with RLIMIT_AS
  tools/libfsimage: Add an fdopen() interface to libfsimage
  tools/pygrub: Expose libfsimage's fdopen() to python
  tools/pygrub: Hook libfsimage's fdopen() to pygrub

 docs/man/xl.cfg.5.pod.in                    |   6 +-
 tools/libfsimage/common/fsimage.c           |  42 ++++++--
 tools/libfsimage/common/fsimage_grub.c      |   2 +-
 tools/libfsimage/common/fsimage_plugin.c    |   4 +-
 tools/libfsimage/common/fsimage_priv.h      |   3 +-
 tools/libfsimage/common/mapfile-GNU         |   2 +
 tools/libfsimage/common/mapfile-SunOS       |   2 +
 tools/libfsimage/common/xenfsimage.h        |   3 +
 tools/libfsimage/common/xenfsimage_plugin.h |   2 +-
 tools/libfsimage/ext2fs-lib/ext2fs-lib.c    |  14 ++-
 tools/pygrub/src/ExtLinuxConf.py            |  20 ++--
 tools/pygrub/src/GrubConf.py                |  29 ++---
 tools/pygrub/src/LiloConf.py                |  20 ++--
 tools/pygrub/src/fsimage/fsimage.c          |  33 ++++++
 tools/pygrub/src/pygrub                     | 113 +++++++-------------
 15 files changed, 173 insertions(+), 122 deletions(-)

-- 
2.34.1

Follow-Ups:
- [PATCH 2/6] tools/pygrub: Fix bug in LIMIT_FSIZE env variable override
  - From: Alejandro Vallejo
- [PATCH 6/6] tools/pygrub: Hook libfsimage's fdopen() to pygrub
  - From: Alejandro Vallejo
- [PATCH 4/6] tools/libfsimage: Add an fdopen() interface to libfsimage
  - From: Alejandro Vallejo
- [PATCH 5/6] tools/pygrub: Expose libfsimage's fdopen() to python
  - From: Alejandro Vallejo
- [PATCH 3/6] tools/pygrub: Restrict depriv operation with RLIMIT_AS
  - From: Alejandro Vallejo
- [PATCH 1/6] tools/pygrub: Set mount propagation to private recursively
  - From: Alejandro Vallejo

Prev by Date: [PATCH v4 13/17] hw/i386/pc: support '-nic' for xen-net-device
Next by Date: [PATCH 1/6] tools/pygrub: Set mount propagation to private recursively
Previous by thread: [PATCH v4 00/17] Get Xen PV shim running in QEMU, add net and console
Next by thread: [PATCH 1/6] tools/pygrub: Set mount propagation to private recursively
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.