---------- Forwarded message ----------
From: "Vladimir 'phcoder' Serbinenko" <phcoder@gmail.com>
Date: Dec 12, 2013 5:45 PM
Subject: Re: [PATCH 3/4] Build grub.xen.
To: "The development of GNU GRUB" <grub-devel@gnu.org>

No I meant full access to just obe of guest partitions. E.g. FTP may be
using separate partition and non-admins may have control over it. If system
has some kind of automatic user creation and /home is separate someone may
register as boot or grub and put grub.xen in his directory. If /tmp is on
separate partition and not in RAM then everybody can put grub.xen to
/tmp/grub/grub.xen
On Dec 12, 2013 5:39 PM, "Colin Watson" <cjwatson@ubuntu.com> wrote:

> On Thu, Dec 12, 2013 at 05:24:50PM +0100, Vladimir 'phcoder' Serbinenko
> wrote:
> > This config has a security problem. If a user has full acces to some
> > partition (e.g. fto server partition) he can put grub.xen there and load
> > his own code
>
> Only in the domU context, though.  If a user has full access to a guest
> filesystem then of course they can run code in the domU.  This seems
> unsurprising and not a problem?
>
> --
> Colin Watson                                       [cjwatson@ubuntu.com]
>
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel
>