Re: Pvgrub with lz4 compressed kernels

["John S" <johnsutherland@xxxxxxxxxxxxx>]

Hey Andy,

> I had a quick glance and am a bit worried about some of the
> temporary paths you use. I haven't verified but as these paths are
> predictable ahead of time have you checked that they can't be used
> by a malicious non-root user in the guest to overwrite arbitrary
> system files?

Yeah you are correct fair point, I've adjusted to make use of mktemp instead.

> On Thu, May 07, 2020 at 10:51:54PM +0000, Andy Smith wrote:
> 
>> Do you know a way to detect only LZ4 kernel images? That way this
>> technique could be used for only LZ4, as every other compression
>> method works fine at the moment.
> 
> You can of course just use the pattern from extract-vmlinux to check
> an image file:
> 
> lz4match=$(printf '\002!L\030')
> grep -aq "$lz4match" /boot/vmlinuz-5.4.0-29-generic && echo "At least one LZ4 
> header
> found"

Its funny as if they were offering anything but lz4 kernels then the script 
wouldn't be needed at
all. But it doesn't hurt, I've included a check for that as well.

> The complete lack of response on grub-devel is discouraging. If
> there's anyone who's capable of adding the feature but needs
> financial compensation to do so, please do contact me off-list;
> maybe we can arrange something. Although at this point I guess the
> PV world is moving to PVH.

I think we lost most of them to KVM already anyway :(

Cheers,
John S

Attachment: decompress-lz4-kernel
Description: Binary data