fweimer at redhat.com
Mon Sep 2 10:14:08 UTC 2013
On 09/02/2013 10:54 AM, Miroslav Suchý wrote:
> On 08/30/2013 05:59 PM, Daniel P. Berrange wrote:
>> On Fri, Aug 30, 2013 at 11:52:05AM -0400, Colin Walters wrote:
>>> On Fri, 2013-08-30 at 09:01 -0400, Colin Walters wrote:
>>> Also, wow, I just followed and read the link:
>>> I know this is old code and stuff, but writing the data to the swap
>>> partition sounds very Rube Goldberg.
> It sounds complicated. But the reason is:
> since during build, the code is run under root, you must assume a very
> hostile environment.
> The packager can do *anything* on the builder. Even modify the file system.
> Directly on the block device.
> And if you mount the guestfs as a whole FS, there is potential to exploit
> the kernel FS. In the past there were problems where the kernel oopsed because the FS
> was damaged. So the OBS team decided that this has potential for exploit and
> into swap data is written number of blocks where the files reside and
> from that guest FS are read just those blocks directly.
> virtio-serial can be used for that, but I guess that it was not
> available at that time (and AFAIK it will not work on s390 zVM).
Regular networking is also an option, I think. The networking stack is
more robust than the file system stack. (Which puts the idea to use
air-gapped machines and thumb drives for data transfer between them into
an interesting light, by the way.)
Florian Weimer / Red Hat Product Security Team