[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] domU leaks disk volume configs into to dom0 - iscsi / lvm

Sarah Newman <srn@xxxxxxxxx> wrote:

> I don't see how the dom0 accessing a device will give access to a different 
> domU, but it is a potential security problem if there's a vulnerability
> with LVM.

I think it's part of a generic problem with volume identification and 
uncontrolled guests.

For a simple case, suppose you (on your Dom0) configure your mounts to use 
filesystem labels - eg dom0-root, dom0-var, etc. Then a guest creates 
filesystems with the same labels. On the next boot, it's "indeterminate" which 
filesystem gets used, and there's the potential for a skilled admin of a DomU 
to take over the host completely.

With LVM you get much the same thing. The admin of a guest can configure LVM 
volume groups/volumes with appropriate names, and they could get "mixed up" by 
the host and the risk is again that the wrong volume is used in the wrong 
place. If the admin knows enough about the host, that could again mean getting 
the host to boot off your alternative image if you are using (say) GRUB and 
have configured it to use LVM volume names.

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.