WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] boot loaders for domain != 0

from [Jacob Gorm Hansen] [Permanent Link][Original]
To: xen-devel@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] boot loaders for domain != 0
From: Jacob Gorm Hansen <jacobg@xxxxxxx>
Date: Thu, 03 Feb 2005 17:09:28 -0800
Delivery-date: Fri, 04 Feb 2005 01:13:28 +0000
Envelope-to: xen+James.Bulpin@xxxxxxxxxxxx
In-reply-to: <A95E2296287EAD4EB592B5DEEFCE0E9D1236E4@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
References: <A95E2296287EAD4EB592B5DEEFCE0E9D1236E4@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla Thunderbird 1.0 (X11/20050116) 
Ian Pratt wrote:
For what it's worth, I think doing a quick mount, read, and then umount is the easiest approach since it extends well to doing things like peeking at an ISO's contents by mounting an ISO image. Using libraries would probably introduce some nasty dependencies without really gaining much... 


From a security POV, using libext2 etc would be raher better. I just
don't trust Linux to be defensive enough mounting a potentially
malicious bag of bits. [I once came across an ext2 file systems that
deterministically crashed Linux whenever I mounted it. It's been a
couple of years, but I reckon such bugs are still lurking.]
Then libext2 would have to run as a non-root user, and feed its output to a root process doing the actual domain building, assuming that there is no way of making the domain builder or libz choke on the kernel image that is...
For real security, all this stuff has to be happen within the domU. In a perfect world, privileged code should never read user-supplied data, but given that this world is not perfect, you could relax that to not reading any variable-length user-supplied data.
Given that both the (perhaps compressed) ELF image and the Ext2 filesystem contain variable-length data, neither should be read by code in dom0. 

Jacob


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Xen-devel] Mapping pages from dom0, Ian Pratt
Next by Date:  Re: [Xen-devel] [PATCH 3/3] Replace slab.c with a very simpleallocator., ultraptr
Previous by Thread:  RE: [Xen-devel] boot loaders for domain != 0, Ian Pratt
Next by Thread:  Building domains as a lesser user (was Re: [Xen-devel] boot loaders for domain != 0), Anthony Liguori
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy