[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Pvgrub with lz4 compressed kernels


  • To: xen-users@xxxxxxxxxxxxxxxxxxxx
  • From: Andy Smith <andy@xxxxxxxxxxxxxx>
  • Date: Thu, 7 May 2020 22:51:54 +0000
  • Delivery-date: Thu, 07 May 2020 22:53:19 +0000
  • List-id: Xen user discussion <xen-users.lists.xenproject.org>
  • Openpgp: id=BF15490B; url=http://strugglers.net/~andy/pubkey.asc

Hi John,

On Wed, May 06, 2020 at 04:27:54AM +0000, John S wrote:
> As a workaround specific to Ubuntu PV guests I have written an apt
> hook using extract-vmlinux to decompress kernels during
> installation. (Included 'decompress-kernel')

Good idea.

I had a quick glance and am a bit worried about some of the
temporary paths you use. I haven't verified but as these paths are
predictable ahead of time have you checked that they can't be used
by a malicious non-root user in the guest to overwrite arbitrary
system files?

Do you know a way to detect only LZ4 kernel images? That way this
technique could be used for only LZ4, as every other compression
method works fine at the moment.

Decompressed kernel is about 10 times the size of a compressed one,
so if guest is using a different compression type it would be good
to honour that.

> Hope to see some support for this upstream.

The complete lack of response on grub-devel is discouraging. If
there's anyone who's capable of adding the feature but needs
financial compensation to do so, please do contact me off-list;
maybe we can arrange something. Although at this point I guess the
PV world is moving to PVH.

Cheers,
Andy



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.