From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from list by lists.gnu.org with archive (Exim 4.71)
	id 1Vr9OU-0003YJ-3v
	for mharc-grub-devel@gnu.org; Thu, 12 Dec 2013 11:45:46 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:58663)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <phcoder@gmail.com>) id 1Vr9OO-0003Xv-04
	for grub-devel@gnu.org; Thu, 12 Dec 2013 11:45:44 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <phcoder@gmail.com>) id 1Vr9OG-00048T-0N
	for grub-devel@gnu.org; Thu, 12 Dec 2013 11:45:39 -0500
Received: from mail-we0-x22a.google.com ([2a00:1450:400c:c03::22a]:60749)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <phcoder@gmail.com>) id 1Vr9OF-00048J-Oq
	for grub-devel@gnu.org; Thu, 12 Dec 2013 11:45:31 -0500
Received: by mail-we0-f170.google.com with SMTP id w61so709481wes.1
	for <grub-devel@gnu.org>; Thu, 12 Dec 2013 08:45:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:content-type; bh=tFV3jCr9M0QD7Eey2uQaIuzydpPCH7wNGoURLSj02EQ=;
	b=L02JkG8xUgp21pUnHkxTzeysdYTmyn9N1c13sw8uXwZytDQ8Pp0OWc1WCq2xD/Ao3a
	Sz+6BXNrYC3f3YWSIuCU7QDL7BXRxANBQY+8E2TzaN0zTb7KH7FifF4ga6KjH8S6bbW/
	0/nakg1g0nPVcVbOA4zi84sRP/qI5whoAVnV9X7p+3Q+yIB17ZaXhEa/XqjEPpRQ4DDF
	bVWn0f16F7AF60R00e7ukhFicD7sZEOTa1SdhWSqjgwcR5Ad5bEpgiZBRgCozRjHLzOE
	bbxYOMLqG9WekDRkdHSJAEAaa2zLZN9MiP0l9HkiL+McZwd7igwD28YjSWbZ7LvPWdsO
	37bg==
MIME-Version: 1.0
X-Received: by 10.180.14.134 with SMTP id p6mr30009476wic.6.1386866730813;
	Thu, 12 Dec 2013 08:45:30 -0800 (PST)
Received: by 10.180.39.193 with HTTP; Thu, 12 Dec 2013 08:45:30 -0800 (PST)
Received: by 10.180.39.193 with HTTP; Thu, 12 Dec 2013 08:45:30 -0800 (PST)
In-Reply-To: <20131212163907.GG1431@riva.ucam.org>
References: <20131212153643.GA1431@riva.ucam.org>
	<20131212153741.GD1431@riva.ucam.org>
	<CAEaD8JN=Gg8fut+pXBA0=8abvo5YE=Q4eiXYR6kPT-yRqjNA1Q@mail.gmail.com>
	<20131212163907.GG1431@riva.ucam.org>
Date: Thu, 12 Dec 2013 17:45:30 +0100
Message-ID: <CAEaD8JM_cUCb46GZs8=Ct-M15FHcD_X7tgiq8=570T9cyWs=bA@mail.gmail.com>
Subject: Re: [PATCH 3/4] Build grub.xen.
From: "Vladimir 'phcoder' Serbinenko" <phcoder@gmail.com>
To: The development of GNU GRUB <grub-devel@gnu.org>
Content-Type: multipart/alternative; boundary=f46d04155418d74d7604ed5912df
X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address
	(bad octet value).
X-Received-From: 2a00:1450:400c:c03::22a
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: The development of GNU GRUB <grub-devel@gnu.org>
List-Id: The development of GNU GRUB <grub-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/grub-devel>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Dec 2013 16:45:45 -0000

--f46d04155418d74d7604ed5912df
Content-Type: text/plain; charset=ISO-8859-1

No I meant full access to just obe of guest partitions. E.g. FTP may be
using separate partition and non-admins may have control over it. If system
has some kind of automatic user creation and /home is separate someone may
register as boot or grub and put grub.xen in his directory. If /tmp is on
separate partition and not in RAM then everybody can put grub.xen to
/tmp/grub/grub.xen
On Dec 12, 2013 5:39 PM, "Colin Watson" <cjwatson@ubuntu.com> wrote:

> On Thu, Dec 12, 2013 at 05:24:50PM +0100, Vladimir 'phcoder' Serbinenko
> wrote:
> > This config has a security problem. If a user has full acces to some
> > partition (e.g. fto server partition) he can put grub.xen there and load
> > his own code
>
> Only in the domU context, though.  If a user has full access to a guest
> filesystem then of course they can run code in the domU.  This seems
> unsurprising and not a problem?
>
> --
> Colin Watson                                       [cjwatson@ubuntu.com]
>
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel
>

--f46d04155418d74d7604ed5912df
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<p>No I meant full access to just obe of guest partitions. E.g. FTP may be =
using separate partition and non-admins may have control over it. If system=
 has some kind of automatic user creation and /home is separate someone may=
 register as boot or grub and put grub.xen in his directory. If /tmp is on =
separate partition and not in RAM then everybody can put grub.xen to /tmp/g=
rub/grub.xen</p>

<div class=3D"gmail_quote">On Dec 12, 2013 5:39 PM, &quot;Colin Watson&quot=
; &lt;<a href=3D"mailto:cjwatson@ubuntu.com">cjwatson@ubuntu.com</a>&gt; wr=
ote:<br type=3D"attribution"><blockquote class=3D"gmail_quote" style=3D"mar=
gin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Thu, Dec 12, 2013 at 05:24:50PM +0100, Vladimir &#39;phcoder&#39; Serbin=
enko wrote:<br>
&gt; This config has a security problem. If a user has full acces to some<b=
r>
&gt; partition (e.g. fto server partition) he can put grub.xen there and lo=
ad<br>
&gt; his own code<br>
<br>
Only in the domU context, though. =A0If a user has full access to a guest<b=
r>
filesystem then of course they can run code in the domU. =A0This seems<br>
unsurprising and not a problem?<br>
<br>
--<br>
Colin Watson =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0 =A0 =A0 =A0 [<a href=3D"mailto:cjwatson@ubuntu.com">cjwatson@ubuntu.com=
</a>]<br>
<br>
_______________________________________________<br>
Grub-devel mailing list<br>
<a href=3D"mailto:Grub-devel@gnu.org">Grub-devel@gnu.org</a><br>
<a href=3D"https://lists.gnu.org/mailman/listinfo/grub-devel" target=3D"_bl=
ank">https://lists.gnu.org/mailman/listinfo/grub-devel</a><br>
</blockquote></div>

--f46d04155418d74d7604ed5912df--