[PATCH 0/6] Pygrub security enhancements and bugfixes

Alejandro Vallejo posted 6 patches 6 months, 1 week ago
git fetch https://gitlab.com/xen-project/patchew/xen tags/patchew/20231106150508.22665-1-alejandro.vallejo@cloud.com
docs/man/xl.cfg.5.pod.in                    |   6 +-
tools/libfsimage/common/fsimage.c           |  42 ++++++--
tools/libfsimage/common/fsimage_grub.c      |   2 +-
tools/libfsimage/common/fsimage_plugin.c    |   4 +-
tools/libfsimage/common/fsimage_priv.h      |   3 +-
tools/libfsimage/common/mapfile-GNU         |   2 +
tools/libfsimage/common/mapfile-SunOS       |   2 +
tools/libfsimage/common/xenfsimage.h        |   3 +
tools/libfsimage/common/xenfsimage_plugin.h |   2 +-
tools/libfsimage/ext2fs-lib/ext2fs-lib.c    |  14 ++-
tools/pygrub/src/ExtLinuxConf.py            |  20 ++--
tools/pygrub/src/GrubConf.py                |  29 ++---
tools/pygrub/src/LiloConf.py                |  20 ++--
tools/pygrub/src/fsimage/fsimage.c          |  33 ++++++
tools/pygrub/src/pygrub                     | 113 +++++++-------------
15 files changed, 173 insertions(+), 122 deletions(-)
Posted by Alejandro Vallejo 6 months, 1 week ago
A few extra bugfixes and security enhancements for pygrub.

The biggest security enhancement is the removal of filesystem permissions
from the depriv thread of pygrub. This is possible on newer versions of
e2fsprogs, as it has an interface to consume file descriptors rather than
file paths.

Bug fixes
=========

Patch 1: Properly confines the mount namespace in Linux systems and
         corrects an incorrect statement about older Linux kernels being
         buggy with them. With this patch, mounts done inside the namespace
         disappear altogether after the last process is killed.
Patch 2: Fixes a bug preventing setting the LIMIT_FSIZE override

Security enhancements
=====================

Patch 3: Limits the amount of memory pygrub can chew
Patch 4: Tweaks libfsimage to support a new interface ( fdopen() ) which
         allows passing file descriptors rather than paths
Patch 5: Modifies the python bindings to grant access to the new interface
Patch 6: Modifies pygrub to open every required file before depriv.

Alejandro Vallejo (6):
  tools/pygrub: Set mount propagation to private recursively
  tools/pygrub: Fix bug in LIMIT_FSIZE env variable override
  tools/pygrub: Restrict depriv operation with RLIMIT_AS
  tools/libfsimage: Add an fdopen() interface to libfsimage
  tools/pygrub: Expose libfsimage's fdopen() to python
  tools/pygrub: Hook libfsimage's fdopen() to pygrub

-- 
2.34.1
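
The ordering that patches 4 to 6 describe (open every required file first, then confine the worker so it can only use descriptors it already holds), as an added example that is not code from the patch series. `read_after_confinement` and `demo` are hypothetical names, the sample file is constructed, and an unprivileged `RLIMIT_NOFILE` of 0 stands in for pygrub's real depriv step, which needs root.

```python
import os
import resource
import tempfile


def read_after_confinement(path, nbytes=64):
    """Return (data read via the pre-opened fd, True if a path open was refused)."""
    fd = os.open(path, os.O_RDONLY)        # 1. acquire the descriptor while privileged
    rpipe, wpipe = os.pipe()
    pid = os.fork()
    if pid == 0:                           # child plays the deprivileged worker
        code = 1
        try:
            os.close(rpipe)
            # 2. Confine. Assumption: stand-in for pygrub's real depriv (needs root);
            #    with RLIMIT_NOFILE at 0 no new descriptor can be created.
            resource.setrlimit(resource.RLIMIT_NOFILE, (0, 0))
            try:
                os.close(os.open(path, os.O_RDONLY))
                refused = b"0"
            except OSError:
                refused = b"1"             # path-based access no longer works
            # 3. The descriptor opened before confinement is still readable.
            os.write(wpipe, refused + os.read(fd, nbytes))
            code = 0
        finally:
            os._exit(code)                 # never fall back into the parent's code
    os.close(wpipe)
    os.close(fd)
    with os.fdopen(rpipe, "rb") as pipe:
        reply = pipe.read()
    _, status = os.waitpid(pid, 0)
    if status != 0 or not reply:
        raise RuntimeError("confined child failed")
    return reply[1:], reply[:1] == b"1"


def demo():
    # Constructed sample standing in for a guest disk image.
    with tempfile.NamedTemporaryFile(delete=False) as img:
        img.write(b"constructed-boot-config")
    try:
        return read_after_confinement(img.name)
    finally:
        os.unlink(img.name)


if __name__ == "__main__":
    print(demo())
```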