[PATCH 0/6] Pygrub security enhancements and bugfixes
A few extra bugfixes and security enhancements for pygrub. The biggest
security enhancement is the removal of filesystem permissions from the depriv
thread of pygrub. This is possible on newer versions of e2fsprogs, as it has
an interface to consume file descriptors rather than file paths.

Bug fixes
=========

Patch 1: Properly confines the mount namespace in Linux systems and corrects
         an incorrect statement about older Linux kernels being buggy with
         them. With this patch, mounts done inside the namespace disappear
         altogether after the last process is killed.
Patch 2: Fixes a bug preventing setting the LIMIT_FSIZE override

Security enhancements
=====================

Patch 3: Limits the amount of memory pygrub can chew
Patch 4: Tweaks libfsimage to support a new interface (fdopen()) which
         allows passing file descriptors rather than paths
Patch 5: Modifies the python bindings to grant access to the new interface
Patch 6: Modifies pygrub to open every required file before depriv.

Alejandro Vallejo (6):
  tools/pygrub: Set mount propagation to private recursively
  tools/pygrub: Fix bug in LIMIT_FSIZE env variable override
  tools/pygrub: Restrict depriv operation with RLIMIT_AS
  tools/libfsimage: Add an fdopen() interface to libfsimage
  tools/pygrub: Expose libfsimage's fdopen() to python
  tools/pygrub: Hook libfsimage's fdopen() to pygrub

 docs/man/xl.cfg.5.pod.in                    |   6 +-
 tools/libfsimage/common/fsimage.c           |  42 ++++++--
 tools/libfsimage/common/fsimage_grub.c      |   2 +-
 tools/libfsimage/common/fsimage_plugin.c    |   4 +-
 tools/libfsimage/common/fsimage_priv.h      |   3 +-
 tools/libfsimage/common/mapfile-GNU         |   2 +
 tools/libfsimage/common/mapfile-SunOS       |   2 +
 tools/libfsimage/common/xenfsimage.h        |   3 +
 tools/libfsimage/common/xenfsimage_plugin.h |   2 +-
 tools/libfsimage/ext2fs-lib/ext2fs-lib.c    |  14 ++-
 tools/pygrub/src/ExtLinuxConf.py            |  20 ++--
 tools/pygrub/src/GrubConf.py                |  29 ++---
 tools/pygrub/src/LiloConf.py                |  20 ++--
 tools/pygrub/src/fsimage/fsimage.c          |  33 ++++++
 tools/pygrub/src/pygrub                     | 113 +++++++-------------
 15 files changed, 173 insertions(+), 122 deletions(-)

--
2.34.1
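
The pattern that patches 3 and 6 describe, as an added example that is not code from this series or from pygrub: the file is opened before confinement, the worker's address space is capped with RLIMIT_AS, and the data is read only through the inherited descriptor. The names `read_confined`, `demo`, `AS_LIMIT` and `drop_ids`, the 1 GiB limit and the sample file are assumptions made for the example.

```python
import mmap
import os
import resource
import tempfile

AS_LIMIT = 1 << 30  # 1 GiB; constructed value, not the limit pygrub uses


def read_confined(path, as_limit=AS_LIMIT, drop_ids=None):
    """Open path first, then read it in a confined child through the fd only."""
    fd = os.open(path, os.O_RDONLY)  # the only path lookup, done before confinement
    rpipe, wpipe = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: stands in for the deprivileged worker
        status = 1
        try:
            hard = resource.getrlimit(resource.RLIMIT_AS)[1]
            limit = as_limit if hard == resource.RLIM_INFINITY else min(as_limit, hard)
            resource.setrlimit(resource.RLIMIT_AS, (limit, limit))
            if drop_ids is not None:  # optional (uid, gid); needs root, so off by default
                os.setgroups([])
                os.setgid(drop_ids[1])
                os.setuid(drop_ids[0])
            try:  # simulate a hostile image forcing a huge allocation
                mmap.mmap(-1, 2 * limit).close()
                refused = b"0"
            except (OSError, MemoryError):
                refused = b"1"
            # No path and no filesystem permission needed: the fd was inherited.
            os.write(wpipe, refused + os.pread(fd, 4096, 0))
            status = 0
        finally:
            os._exit(status)
    os.close(wpipe)
    os.close(fd)
    with os.fdopen(rpipe, "rb") as reader:
        out = reader.read()
    if os.waitpid(pid, 0)[1] != 0 or not out:
        raise RuntimeError("confined child failed")
    return out[:1] == b"1", out[1:]  # (allocation refused?, bytes read via fd)


def demo():
    with tempfile.NamedTemporaryFile(suffix=".img") as img:  # constructed sample "disk image"
        img.write(b"constructed-image-bytes")
        img.flush()
        return read_confined(img.name)
```
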