[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] protection against a domu assigning a uuid to block device

To: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
From: James Harper <james.harper@xxxxxxxxxxxxxxxx>
Date: Mon, 4 Mar 2013 10:30:22 +0000
Accept-language: en-AU, en-US
Delivery-date: Mon, 04 Mar 2013 10:31:13 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>
Thread-index: Ac4YwhHJE9McqrsfS+eaUINHDuOW4g==
Thread-topic: protection against a domu assigning a uuid to block device

I noticed on a Debian Dom0 I built recently that it mounted some volumes by 
uuid. That devices in question were aka /dev/sdaX, so mounting by uuid seems 
like the sensible thing to do, but what would happen if that uuid became known 
to a malicious domu and it wrote the same uuid to its own lvm volume?

How does Linux cope with multiple uuid's? would it be possible that a volume 
mounted by uuid have the malicious domu's lvm volume mounted instead, assuming 
these volumes are all available at boot time?

Ditto for labels too I guess, and even more so as these are more easily 
guessable (I've used root, var, and usr as labels before)

Thanks

James

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] protection against a domu assigning a uuid to block device
  - From: Ian Jackson

Prev by Date: Re: [Xen-devel] [PATCH] Update MAINTAINERS file
Next by Date: Re: [Xen-devel] [RFC] libxc: Add trusted decompressors
Previous by thread: [Xen-devel] [PATCH] linux-2.6.18/x86-64: fix HYPERVISOR_iret unwind annotation
Next by thread: Re: [Xen-devel] protection against a domu assigning a uuid to block device
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.