openstack team mailing list archive

Re: [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)

> What's the security vulnerability here? It's writing to something which
> might be a symlink to somewhere special, right?
>

Mounting filesystems tends to be a source of vulnerabilities in and of
itself. There are userspace tools as an alternative, but a standard OS
mount is clearly not secure. While libguestfs is such a userspace
alternative, and guestmount is in some ways safer than a standard mount, it
is not used by Nova in a way that has any clear advantage over a standard
mount, as it runs as root.

As this CVE indicates, injecting data into a mounted filesystem has its own
problems, whether or not that filesystem is mounted directly in-kernel or
via FUSE. There are also solutions here, some very complex; few, if any, are
foolproof.

The solution here may be to use libguestfs, which seems to be a modern
alternative to mtools, but to use it as a non-privileged user and to forego
any illusions of mounting the filesystem anywhere via the kernel or FUSE.

-- 
Regards,
Eric Windisch
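
An added illustration, not part of the original message and not Nova's code: the symlink concern from the quoted question, reproduced in a constructed temporary directory that stands in for a mounted guest image, next to a containment check. The names `resolve_in_root`, `PathEscape` and `demo` are hypothetical.

```python
import os
import tempfile


class PathEscape(Exception):
    """Raised when a guest-controlled path resolves outside the mount root."""


def resolve_in_root(root, guest_path):
    """Resolve guest_path under root and refuse results outside root.

    Hypothetical helper. Symlinks are resolved by the host, so an absolute
    symlink inside the image is treated as a host path and rejected.
    """
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, guest_path.lstrip("/")))
    if os.path.commonpath([real_root, candidate]) != real_root:
        raise PathEscape(f"{guest_path!r} resolves to {candidate!r}")
    return candidate


def demo():
    """Build a constructed 'mounted image' and compare naive and checked writes."""
    with tempfile.TemporaryDirectory() as tmp:
        host_dir = os.path.join(tmp, "host_etc")   # stands in for a host directory
        mount_root = os.path.join(tmp, "mnt")      # stands in for the mounted image
        os.makedirs(host_dir)
        os.makedirs(os.path.join(mount_root, "root"))
        # Constructed image content: the guest's /etc points out of the image.
        os.symlink(host_dir, os.path.join(mount_root, "etc"))

        # Naive join follows the symlink, so the file lands outside the image.
        with open(os.path.join(mount_root, "etc/injected.conf"), "w") as f:
            f.write("data")
        naive_escaped = os.path.exists(os.path.join(host_dir, "injected.conf"))

        try:
            resolve_in_root(mount_root, "/etc/injected.conf")
            checked_refused = False
        except PathEscape:
            checked_refused = True

        safe = resolve_in_root(mount_root, "/root/key")
        safe_inside = safe.startswith(os.path.realpath(mount_root) + os.sep)
        return naive_escaped, checked_refused, safe_inside


if __name__ == "__main__":
    print(demo())
```

A check like this only holds while nothing can change the mounted tree between the check and the write.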
