Date:	Thu, 22 Dec 2011 23:48:30 +0000
From:	Alasdair G Kergon <agk@...hat.com>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	Paolo Bonzini <pbonzini@...hat.com>, linux-kernel@...r.kernel.org,
	security@...nel.org, pmatouse@...hat.com, agk@...hat.com,
	jbottomley@...allels.com, mchristi@...hat.com, msnitzer@...hat.com
Subject: Re: [PATCH 2/3] block: fail SCSI passthrough ioctls on partition
	devices

On Thu, Dec 22, 2011 at 02:25:56PM -0800, Linus Torvalds wrote:
> I don't *think* anybody does something as crazy as giving actual block
> device ownership to people, 

That can happen when running virtual machines backed by logical volumes.

Say I am running a server that offers virtual machines to different
people, and I allow those people to have root access within their own
guest, but, naturally, I don't give them any access to other people's
guests.

I pool my disks on the server into a Volume Group and create one simple
Logical Volume per guest VM to hold its filesystem.

Due to this bug, a root user inside one guest VM can see and modify the
contents of other VMs that don't belong to them (and in some situations
perhaps even take control of the host machine by modifying the host's
LVM metadata).

Alasdair

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
