From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.71) id 1Vr94S-0003Oq-QU for mharc-grub-devel@gnu.org; Thu, 12 Dec 2013 11:25:04 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52658) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Vr94L-0003Ma-Ko for grub-devel@gnu.org; Thu, 12 Dec 2013 11:25:03 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Vr94F-0005Nl-Gi for grub-devel@gnu.org; Thu, 12 Dec 2013 11:24:57 -0500 Received: from mail-we0-x229.google.com ([2a00:1450:400c:c03::229]:35251) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Vr94F-0005Nh-5U for grub-devel@gnu.org; Thu, 12 Dec 2013 11:24:51 -0500 Received: by mail-we0-f169.google.com with SMTP id w61so691234wes.28 for ; Thu, 12 Dec 2013 08:24:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=kx5cPA5I+3XEHaIZjQ2gqtcx7Tx9476J3vV3EqkVvHY=; b=J6zkYcCkvxg4mMvyWOpvdIV3oEcoDfFjSJm4yvdi15BnYiWgI75RurLNWbNUfXQwdb jaYSuiNYu4ODD7vgchHulkA4TnMXwfsSUBZGfhnQfsph7haYk5ibuBNFXhj7bgHBIKyB F99Fp+9rU2mjtcAYJ4HASi11+ze/LI7dhDywNvqrTF2GXPAoBKzuJVwgWKYZdKpYdM1d lfavqLScFV0N0pnaRDQ+i/Syv6Ej7n4jdMLxMB0ujx6GVydjkgrzOxKqCPMrt6zbrRRj yCdWJeQUpFsZ1yGR7EhregutrXdJ/FkbmyxsqKdFkNCE/SANeoUq7pdp13YSeDpncV1t h0iw== MIME-Version: 1.0 X-Received: by 10.194.48.7 with SMTP id h7mr6773wjn.92.1386865490188; Thu, 12 Dec 2013 08:24:50 -0800 (PST) Received: by 10.180.39.193 with HTTP; Thu, 12 Dec 2013 08:24:50 -0800 (PST) Received: by 10.180.39.193 with HTTP; Thu, 12 Dec 2013 08:24:50 -0800 (PST) In-Reply-To: <20131212153741.GD1431@riva.ucam.org> References: <20131212153643.GA1431@riva.ucam.org> <20131212153741.GD1431@riva.ucam.org> Date: Thu, 12 Dec 2013 17:24:50 +0100 Message-ID: Subject: Re: [PATCH 3/4] Build grub.xen. From: "Vladimir 'phcoder' Serbinenko" To: The development of GNU GRUB Content-Type: multipart/alternative; boundary=047d7ba975e4e4de1104ed58c854 X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2a00:1450:400c:c03::229 X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: The development of GNU GRUB List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Dec 2013 16:25:03 -0000 --047d7ba975e4e4de1104ed58c854 Content-Type: text/plain; charset=ISO-8859-1 This config has a security problem. If a user has full acces to some partition (e.g. fto server partition) he can put grub.xen there and load his own code On Dec 12, 2013 4:38 PM, "Colin Watson" wrote: > * .gitignore: Add xen.cfg. > * Makefile.am (grub-core/xen.cfg): New rule. > (grub.xen): Likewise. Add to platform_DATA. > * configure.ac (COND_xen): New conditional. > * grub-core/Makefile.core.def (xen.cfg): New definition. > * grub-core/boot/xen/xen.cfg.in: New file. This is suitable for > installation both in the dom0 filesystem (where it will find and > chainload a secondary grub.xen) and in the domU filesystem (where it > will load a matching grub.cfg). > --- > .gitignore | 1 + > ChangeLog | 14 ++++++++++++++ > Makefile.am | 14 ++++++++++++++ > configure.ac | 1 + > grub-core/Makefile.core.def | 7 +++++++ > grub-core/boot/xen/xen.cfg.in | 31 +++++++++++++++++++++++++++++++ > 6 files changed, 68 insertions(+) > create mode 100644 grub-core/boot/xen/xen.cfg.in > > diff --git a/.gitignore b/.gitignore > index 2292cc9..51aa8b4 100644 > --- a/.gitignore > +++ b/.gitignore > @@ -153,6 +153,7 @@ trigtables.c > uhci_test > update-grub_lib > unidata.c > +xen.cfg > xzcompress_test > Makefile.in > GPATH > diff --git a/ChangeLog b/ChangeLog > index fc86601..58304f7 100644 > --- a/ChangeLog > +++ b/ChangeLog > @@ -1,5 +1,19 @@ > 2013-12-12 Colin Watson > > + Build grub.xen. > + > + * .gitignore: Add xen.cfg. > + * Makefile.am (grub-core/xen.cfg): New rule. > + (grub.xen): Likewise. Add to platform_DATA. > + * configure.ac (COND_xen): New conditional. > + * grub-core/Makefile.core.def (xen.cfg): New definition. > + * grub-core/boot/xen/xen.cfg.in: New file. This is suitable for > + installation both in the dom0 filesystem (where it will find and > + chainload a secondary grub.xen) and in the domU filesystem (where > it > + will load a matching grub.cfg). > + > +2013-12-12 Colin Watson > + > Accept environment variables on the command line for Xen. > > * grub-core/kern/xen/init.c (fetch_command_line_word): New > function. > diff --git a/Makefile.am b/Makefile.am > index 0a2c099..e9792f6 100644 > --- a/Makefile.am > +++ b/Makefile.am > @@ -402,6 +402,20 @@ default_payload.elf: grub-mkstandalone grub-mkimage > pkgdatadir=. ./grub-mkstandalone --grub-mkimage=./grub-mkimage -O > i386-coreboot -o $@ --modules='ahci pata ehci uhci ohci usb_keyboard usbms > part_msdos xfs ext2 fat at_keyboard part_gpt usbserial_usbdebug cbfs' > --install-modules='ls linux search configfile normal cbtime cbls memrw iorw > minicmd lsmmap lspci halt reboot hexdump pcidump regexp setpci lsacpi chain > test' --fonts= --themes= --locales= -d grub-core/ > /boot/grub/grub.cfg=$(srcdir)/coreboot.cfg > endif > > +if COND_xen > +# The grub-core/util split means that we have to duplicate rules a little > +# bit here. > +grub-core/xen.cfg: grub-core/boot/xen/xen.cfg.in > + $(MAKE) -C grub-core xen.cfg > + > +grub.xen: grub-mkstandalone grub-mkimage grub-core/xen.cfg > + pkgdatadir=. ./grub-mkstandalone --grub=mkimage=./grub-mkimage \ > + -o $@ -O $(target_cpu)-$(platform) -d grub-core/ \ > + /boot/grub/grub.cfg=grub-core/xen.cfg > + > +platform_DATA += grub.xen > +endif > + > windowsdir=$(top_builddir)/$(PACKAGE)-$(VERSION)-for-windows > windowsdir: $(PROGRAMS) $(starfield_DATA) $(platform_DATA) > test -d $(windowsdir) && rm -rf $(windowsdir) || true > diff --git a/configure.ac b/configure.ac > index 0abbb99..08aa751 100644 > --- a/configure.ac > +++ b/configure.ac > @@ -1590,6 +1590,7 @@ AM_CONDITIONAL([COND_i386_ieee1275], [test > x$target_cpu = xi386 -a x$platform = > AM_CONDITIONAL([COND_i386_coreboot], [test x$target_cpu = xi386 -a > x$platform = xcoreboot]) > AM_CONDITIONAL([COND_i386_multiboot], [test x$target_cpu = xi386 -a > x$platform = xmultiboot]) > AM_CONDITIONAL([COND_x86_64_efi], [test x$target_cpu = xx86_64 -a > x$platform = xefi]) > +AM_CONDITIONAL([COND_xen], [test x$platform = xxen]) > AM_CONDITIONAL([COND_i386_xen], [test x$target_cpu = xi386 -a x$platform > = xxen]) > AM_CONDITIONAL([COND_x86_64_xen], [test x$target_cpu = xx86_64 -a > x$platform = xxen]) > AM_CONDITIONAL([COND_mips_loongson], [test x$target_cpu = xmipsel -a > x$platform = xloongson]) > diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def > index 060de44..63a8351 100644 > --- a/grub-core/Makefile.core.def > +++ b/grub-core/Makefile.core.def > @@ -44,6 +44,13 @@ script = { > enable = powerpc_ieee1275; > }; > > +script = { > + installdir = platform; > + name = xen.cfg; > + common = boot/xen/xen.cfg.in; > + enable = xen; > +}; > + > kernel = { > name = kernel; > > diff --git a/grub-core/boot/xen/xen.cfg.in b/grub-core/boot/xen/xen.cfg.in > new file mode 100644 > index 0000000..e2e590c > --- /dev/null > +++ b/grub-core/boot/xen/xen.cfg.in > @@ -0,0 +1,31 @@ > +if [ -z "$grub_xen_guest" ]; then > + # This is the copy of grub.xen installed in the dom0's filesystem. > + # Look for a copy in the domU's filesystem and chainload that. > This > + # allows us to guarantee that GRUB will be in sync with the > + # configuration file in the domU. The file locations here must not > + # have any configure-generated substitutions applied, as the intent > + # is that a single grub.xen should be able to cope with a variety > of > + # domU systems. > + if search --set=root --file /boot/grub/grub.xen; then > + linux /boot/grub/grub.xen grub_xen_guest=1 > + boot > + elif search --set=root --file=/boot/grub2/grub.xen; then > + linux /boot/grub2/grub.xen grub_xen_guest=1 > + boot > + else > + echo "No grub.xen found in guest filesystem. Tried:" > + echo " /boot/grub/grub.xen" > + echo " /boot/grub2/grub.xen" > + halt > + fi > +else > + # This is the copy of grub.xen installed in the domU's filesystem. > + # Read its configuration file. > + if search --set=root --exclude=memdisk --file \ > + /@bootdirname@/@grubdirname@/grub.cfg; then > + configfile /@bootdirname@/@grubdirname@/grub.cfg > + else > + echo "No /@bootdirname@/@grubdirname@/grub.cfg found in > guest filesystem." > + halt > + fi > +fi > -- > 1.8.4.4 > > _______________________________________________ > Grub-devel mailing list > Grub-devel@gnu.org > https://lists.gnu.org/mailman/listinfo/grub-devel > --047d7ba975e4e4de1104ed58c854 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable

This config has a security problem. If a user has full acces to some par= tition (e.g. fto server partition) he can put grub.xen there and load his o= wn code

On Dec 12, 2013 4:38 PM, "Colin Watson"= ; <cjwatson@ubuntu.com> wr= ote:
* .gitignore: Add xen.cfg.
* Makefile.am (grub-core/xen.cfg): New rule.
(grub.xen): Likewise. =A0Add to platform_DATA.
* configure.ac (COND_= xen): New conditional.
* grub-core/Makefile.core.def (xen.cfg): New definition.
* grub-core/boot/xen/xen.cf= g.in: New file. =A0This is suitable for
installation both in the dom0 filesystem (where it will find and
chainload a secondary grub.xen) and in the domU filesystem (where it
will load a matching grub.cfg).
---
=A0.gitignore =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0| =A01 +
=A0ChangeLog =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 | 14 ++++++++++++++ =A0Makefile.am =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 | 14 ++++++++++++++
=A0configure.ac =A0 = =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0| =A01 +
=A0grub-core/Makefile.core.def =A0 | =A07 +++++++
=A0grub-core/boot/xen/xen.c= fg.in | 31 +++++++++++++++++++++++++++++++
=A06 files changed, 68 insertions(+)
=A0create mode 100644 grub-core/boot/xen/xen.cfg.in

diff --git a/.gitignore b/.gitignore
index 2292cc9..51aa8b4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -153,6 +153,7 @@ trigtables.c
=A0uhci_test
=A0update-grub_lib
=A0unidata.c
+xen.cfg
=A0xzcompress_test
=A0Makefile.in
=A0GPATH
diff --git a/ChangeLog b/ChangeLog
index fc86601..58304f7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,19 @@
=A02013-12-12 =A0Colin Watson =A0<cjwatson@ubuntu.com>

+ =A0 =A0 =A0 Build grub.xen.
+
+ =A0 =A0 =A0 * .gitignore: Add xen.cfg.
+ =A0 =A0 =A0 * Makefile.am (grub-core/xen.cfg): New rule.
+ =A0 =A0 =A0 (grub.xen): Likewise. =A0Add to platform_DATA.
+ =A0 =A0 =A0 * configure= .ac (COND_xen): New conditional.
+ =A0 =A0 =A0 * grub-core/Makefile.core.def (xen.cfg): New definition.
+ =A0 =A0 =A0 * grub-core/boot/xen/xen.cfg.in: New file. =A0This is suitable for
+ =A0 =A0 =A0 installation both in the dom0 filesystem (where it will find = and
+ =A0 =A0 =A0 chainload a secondary grub.xen) and in the domU filesystem (w= here it
+ =A0 =A0 =A0 will load a matching grub.cfg).
+
+2013-12-12 =A0Colin Watson =A0<c= jwatson@ubuntu.com>
+
=A0 =A0 =A0 =A0 Accept environment variables on the command line for Xen.
=A0 =A0 =A0 =A0 * grub-core/kern/xen/init.c (fetch_command_line_word): New = function.
diff --git a/Makefile.am b/Makefile.am
index 0a2c099..e9792f6 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -402,6 +402,20 @@ default_payload.elf: grub-mkstandalone grub-mkimage =A0 =A0 =A0 =A0 pkgdatadir=3D. ./grub-mkstandalone --grub-mkimage=3D./grub-= mkimage -O i386-coreboot -o $@ --modules=3D'ahci pata ehci uhci ohci us= b_keyboard usbms part_msdos xfs ext2 fat at_keyboard part_gpt usbserial_usb= debug cbfs' --install-modules=3D'ls linux search configfile normal = cbtime cbls memrw iorw minicmd lsmmap lspci halt reboot hexdump pcidump reg= exp setpci lsacpi chain test' --fonts=3D --themes=3D --locales=3D -d gr= ub-core/ /boot/grub/grub.cfg=3D$(srcdir)/coreboot.cfg
=A0endif

+if COND_xen
+# The grub-core/util split means that we have to duplicate rules a little<= br> +# bit here.
+grub-core/xen.cfg: grub-core/boot/xen/xen.cfg.in
+ =A0 =A0 =A0 $(MAKE) -C grub-core xen.cfg
+
+grub.xen: grub-mkstandalone grub-mkimage grub-core/xen.cfg
+ =A0 =A0 =A0 pkgdatadir=3D. ./grub-mkstandalone --grub=3Dmkimage=3D./grub-= mkimage \
+ =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0-o $@ -O $(target_cpu)-$(platform) -d = grub-core/ \
+ =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0/boot/grub/grub.cfg=3Dgrub-core/xen.cf= g
+
+platform_DATA +=3D grub.xen
+endif
+
=A0windowsdir=3D$(top_builddir)/$(PACKAGE)-$(VERSION)-for-windows
=A0windowsdir: $(PROGRAMS) $(starfield_DATA) $(platform_DATA)
=A0 =A0 =A0 =A0 test -d $(windowsdir) && rm -rf $(windowsdir) || tr= ue
diff --git a/configure.ac= b/configure.ac index 0abbb99..08aa751 100644
--- a/configure.ac +++ b/configure.ac @@ -1590,6 +1590,7 @@ AM_CONDITIONAL([COND_i386_ieee1275], [test x$target_c= pu =3D xi386 -a x$platform =3D
=A0AM_CONDITIONAL([COND_i386_coreboot], [test x$target_cpu =3D xi386 -a x$p= latform =3D xcoreboot])
=A0AM_CONDITIONAL([COND_i386_multiboot], [test x$target_cpu =3D xi386 -a x$= platform =3D xmultiboot])
=A0AM_CONDITIONAL([COND_x86_64_efi], [test x$target_cpu =3D xx86_64 -a x$pl= atform =3D xefi])
+AM_CONDITIONAL([COND_xen], [test x$platform =3D xxen])
=A0AM_CONDITIONAL([COND_i386_xen], [test x$target_cpu =3D xi386 -a x$platfo= rm =3D xxen])
=A0AM_CONDITIONAL([COND_x86_64_xen], [test x$target_cpu =3D xx86_64 -a x$pl= atform =3D xxen])
=A0AM_CONDITIONAL([COND_mips_loongson], [test x$target_cpu =3D xmipsel -a x= $platform =3D xloongson])
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 060de44..63a8351 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -44,6 +44,13 @@ script =3D {
=A0 =A0enable =3D powerpc_ieee1275;
=A0};

+script =3D {
+ =A0installdir =3D platform;
+ =A0name =3D xen.cfg;
+ =A0common =3D boot/xen/xe= n.cfg.in;
+ =A0enable =3D xen;
+};
+
=A0kernel =3D {
=A0 =A0name =3D kernel;

diff --git a/grub-core/boot/xen/xen.cfg.in b/grub-core/boot/xen/xen.cfg.in
new file mode 100644
index 0000000..e2e590c
--- /dev/null
+++ b/grub-core/boot/xen/xe= n.cfg.in
@@ -0,0 +1,31 @@
+if [ -z "$grub_xen_guest" ]; then
+ =A0 =A0 =A0 # This is the copy of grub.xen installed in the dom0's fi= lesystem.
+ =A0 =A0 =A0 # Look for a copy in the domU's filesystem and chainload = that. =A0This
+ =A0 =A0 =A0 # allows us to guarantee that GRUB will be in sync with the + =A0 =A0 =A0 # configuration file in the domU. =A0The file locations here = must not
+ =A0 =A0 =A0 # have any configure-generated substitutions applied, as the = intent
+ =A0 =A0 =A0 # is that a single grub.xen should be able to cope with a var= iety of
+ =A0 =A0 =A0 # domU systems.
+ =A0 =A0 =A0 if search --set=3Droot --file /boot/grub/grub.xen; then
+ =A0 =A0 =A0 =A0 =A0 =A0 =A0 linux /boot/grub/grub.xen grub_xen_guest=3D1<= br> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 boot
+ =A0 =A0 =A0 elif search --set=3Droot --file=3D/boot/grub2/grub.xen; then<= br> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 linux /boot/grub2/grub.xen grub_xen_guest=3D1=
+ =A0 =A0 =A0 =A0 =A0 =A0 =A0 boot
+ =A0 =A0 =A0 else
+ =A0 =A0 =A0 =A0 =A0 =A0 =A0 echo "No grub.xen found in guest filesys= tem. =A0Tried:"
+ =A0 =A0 =A0 =A0 =A0 =A0 =A0 echo " =A0/boot/grub/grub.xen"
+ =A0 =A0 =A0 =A0 =A0 =A0 =A0 echo " =A0/boot/grub2/grub.xen"
+ =A0 =A0 =A0 =A0 =A0 =A0 =A0 halt
+ =A0 =A0 =A0 fi
+else
+ =A0 =A0 =A0 # This is the copy of grub.xen installed in the domU's fi= lesystem.
+ =A0 =A0 =A0 # Read its configuration file.
+ =A0 =A0 =A0 if search --set=3Droot --exclude=3Dmemdisk --file \
+ =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 /@bootdirname@/@grubdirname@/= grub.cfg; then
+ =A0 =A0 =A0 =A0 =A0 =A0 =A0 configfile /@bootdirname@/@grubdirname@/grub.= cfg
+ =A0 =A0 =A0 else
+ =A0 =A0 =A0 =A0 =A0 =A0 =A0 echo "No /@bootdirname@/@grubdirname@/gr= ub.cfg found in guest filesystem."
+ =A0 =A0 =A0 =A0 =A0 =A0 =A0 halt
+ =A0 =A0 =A0 fi
+fi
--
1.8.4.4

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
--047d7ba975e4e4de1104ed58c854--