This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] [PATCH 0/3] domUloader

On Tue, 17 Jan 2006, Kurt Garloff wrote:

> 2. The filesystem in the domU could be prepared such that the kernel
>    trips over a bug in its filesystem code.
>    The same can happen if you read the FS with a userspace library
>    of course, but the effects would be less bad -- at least if you
>    would do it with non-root euid.
>    The downside is that need to use a secondary source for filesystem
>    code, which needs to be maintained and kept in sync, audited, ...
>    And you are limited to the filesystems where you have userspace
>    libraries for.
>    In a paranoid scenario, you would not load any data from the domU
>    filesystem in any way :-) But I can see why you would choose
>    pygrub over domUloader in a sensitive environment, where you
>    can't trust the domU admins. Point taken.
>    I still think that in many use scenarios, you would be perfectly
>    fine with domUloader.

Have a special kernel that is used just for this, then boot a temporary domU,
using this special kernel, read the data you need from the filesystem, then
shut it down.

Xen-devel mailing list