[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] xen in hosting envoroment



On Sun, Feb 03, 2008 at 10:09:08AM +0000, Nico Kadel-Garcia wrote:
> That would be a *SERIOUS* bug, and if anyone knew of such, we'd be 
> reporting it pretty fast. There was a fascinating RHEL bug reported, in 
> the use of pygrub, because pygrub would read the grub contents from the 
> DomU at boot time and this created an interesting security risk for the 
> pygrub program itself.

what ever happened to this, anyhow?  did PyGrub start running fsck before 
it mounts the untrusted filesystems?  or was the solution to fix
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5497 
such that linux doesn't panic on corrupted filesystems?

Why wouldn't pygrub run fsck on it's target system anyhow?  I mean,
even if the user isn't being malicious, it's quite possible
that the partition in question was shut down improperly.  

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.