No I meant full access to just obe of guest partitions. E.g. FTP may be using separate partition and non-admins may have control over it. If system has some kind of automatic user creation and /home is separate someone may register as boot or grub and put grub.xen in his directory. If /tmp is on separate partition and not in RAM then everybody can put grub.xen to /tmp/grub/grub.xen On Dec 12, 2013 5:39 PM, "Colin Watson" <cjwat...@ubuntu.com> wrote:
> On Thu, Dec 12, 2013 at 05:24:50PM +0100, Vladimir 'phcoder' Serbinenko > wrote: > > This config has a security problem. If a user has full acces to some > > partition (e.g. fto server partition) he can put grub.xen there and load > > his own code > > Only in the domU context, though. If a user has full access to a guest > filesystem then of course they can run code in the domU. This seems > unsurprising and not a problem? > > -- > Colin Watson [cjwat...@ubuntu.com] > > _______________________________________________ > Grub-devel mailing list > Grub-devel@gnu.org > https://lists.gnu.org/mailman/listinfo/grub-devel >
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
