lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4E54C210.1030204@kernel.org>
Date:	Wed, 24 Aug 2011 12:19:12 +0300
From:	Pekka Enberg <penberg@...nel.org>
To:	Avi Kivity <avi@...hat.com>
CC:	Christoph Hellwig <hch@...radead.org>,
	Sasha Levin <levinsasha928@...il.com>,
	Stephen Rothwell <sfr@...b.auug.org.au>,
	linux-kernel <linux-kernel@...r.kernel.org>,
	Ingo Molnar <mingo@...e.hu>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	linux-next@...r.kernel.org
Subject: Re: linux next: Native Linux KVM tool inclusion request

On 8/24/11 11:31 AM, Avi Kivity wrote:
> On 08/23/2011 08:08 AM, Pekka Enberg wrote:
>> As for changes, we've implemented rootfs over 9p with "kvm run"
>> booting to host filesystem "/bin/sh" by default.
>
> Isn't this dangerous?  Users expect virtualization to land them in 
> sandbox, but here an rm -rf / in the guest will happily junk the host 
> filesystem.

Not really because I never run the tool as root. However, you're right that
we should not default to /bin/sh if you're root.

>> It still needs some
>> work and we hope to enable networking too. We also have patches to use
>> overlayfs so that the guest is able to use host filesystem in
>> copy-on-write manner.
>
> Still dangerous (but just to the guest), since it's not a true 
> snapshot.  If the host filesystem changes underneath the guest, it 
> will see partial and incoherent updates.  Copy-on-write only works if 
> the host filesystem doesn't change.

That's a generic problem with overlayfs based solutions, isn't it? We're 
planning
to use copy-on-write only on files that aren't supposed to change that 
often -
like /usr and /lib. I suppose we should force shared files to be 
read-only in
the guest.

                                     Pekka
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ