From mboxrd@z Thu Jan  1 00:00:00 1970
From: Bastian Blank <bastian@waldi.eu.org>
Subject: Re: [PATCH] pv-grub: Support bzip2,
 xz and lzo compressed kernels
Date: Tue, 26 Feb 2013 23:25:02 +0100
Message-ID: <20130226222502.GB27098@waldi.eu.org>
References: <1357300593-28685-1-git-send-email-ian.campbell@citrix.com>
	<20130104123307.GA1202@waldi.eu.org>
	<1357303220.14291.11.camel@zakaz.uk.xensource.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Content-Disposition: inline
In-Reply-To: <1357303220.14291.11.camel@zakaz.uk.xensource.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: xen-devel@lists.xen.org
List-Id: xen-devel@lists.xenproject.org

On Fri, Jan 04, 2013 at 12:40:20PM +0000, Ian Campbell wrote:
> On Fri, 2013-01-04 at 12:33 +0000, Bastian Blank wrote:
> > Is there a reason not to use the implementations used by the hypervisor?
> Decompressing a potentially untrusted compressed file in the context of
> the hypervisor would open you up to all sorts of security issues. One of
> the points of pv-grub is that the untrusted code runs only with guest
> privileges.

This was not what I meant, but you realized that already.

Anyway, I have some not really nice patches that integrate the
hypervisor bzip2, lzma, xz and lzo code into pv-grub. gzip is not
handled via this code path.

Bastian

-- 
Insufficient facts always invite danger.
		-- Spock, "Space Seed", stardate 3141.9