[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 3/4] Build grub.xen.

From: Vladimir 'phcoder' Serbinenko
Subject: Re: [PATCH 3/4] Build grub.xen.
Date: Thu, 12 Dec 2013 17:45:30 +0100

No I meant full access to just obe of guest partitions. E.g. FTP may be using separate partition and non-admins may have control over it. If system has some kind of automatic user creation and /home is separate someone may register as boot or grub and put grub.xen in his directory. If /tmp is on separate partition and not in RAM then everybody can put grub.xen to /tmp/grub/grub.xen

On Dec 12, 2013 5:39 PM, "Colin Watson" <address@hidden> wrote:
On Thu, Dec 12, 2013 at 05:24:50PM +0100, Vladimir 'phcoder' Serbinenko wrote:
> This config has a security problem. If a user has full acces to some
> partition (e.g. fto server partition) he can put grub.xen there and load
> his own code

Only in the domU context, though.  If a user has full access to a guest
filesystem then of course they can run code in the domU.  This seems
unsurprising and not a problem?

Colin Watson                                       [address@hidden]

Grub-devel mailing list

reply via email to

[Prev in Thread] Current Thread [Next in Thread]