Re: [Xen-devel] [PATCH] Do not read files at once in pygrub

[M A Young <m.a.young@xxxxxxxxxxxx>]

On Tue, 22 May 2012, Miroslav Rezanina wrote:

> ----- Original Message -----
> > From: "M A Young" <m.a.young@xxxxxxxxxxxx>
> > To: "Ian Campbell" <Ian.Campbell@xxxxxxxxxx>
> > Cc: "Miroslav Rezanina" <mrezanin@xxxxxxxxxx>, "xen-devel" 
> > <xen-devel@xxxxxxxxxxxxxxxxxxx>
> > Sent: Tuesday, May 22, 2012 12:30:31 PM
> > Subject: Re: [Xen-devel] [PATCH] Do not read files at once in pygrub
> >
> > On Tue, 22 May 2012, Ian Campbell wrote:
> > > They look functionally pretty similar, one big difference is that
> > > Michael limits the size of the cfg file as well, which seems wise.
> > Yes, a malicious guest could have a huge grub configuration file as
> > well.
> > My strategy was just to read the first megabyte as I can't see why a
> > legitimate configuration file would be anywhere near that long.
> Yeah, it should not be as big. However, I think it should use same approach
> as kernel/ramdisk in case there will be such a big configuration file (even
> we do not see reason now).
They are already different as the configuration file is only read into 
memory and processed there, whereas the kernel and ramdisk are just file 
copies ready for the calling process to use. I haven't specifically looked 
at this bit of the code but I think it could be difficult to protect 
against a malicious configuration file without truncating it somewhere as 
for example, you have to consider the case of a legitimately formatted 
grub file with, say, a million menu entries.
        Michael Young

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel