openstack team mailing list archive

Thread
Date

Re: [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)

To: Christoph Hellwig <Christoph.Hellwig@xxxxxxxxxx>
From: Eric Windisch <eric@xxxxxxxxxxxxxxxx>
Date: Wed, 8 Aug 2012 13:57:12 -0400
Cc: Thierry Carrez <thierry@xxxxxxxxxxxxx>, "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <1344446129.8370.5.camel@rocky.lst.de>

> 
> I think the first step is to make sure that a filesystem that the guest
> touched never gets used by the host again, not doing so is just way to
> much of a security risk.
> 
> Second there are lots of options to create filesystem entirely in
> userspace with contents that can later be written to:
> 
> Especially udf is a very interesting options as just about any modern
> operating system supports it. The same is true for vfat, but vfat is
> fairly limiting for many use cases.


Agreed on all points. 

> 
> Why do we ever read a filesystem touched by a guest in the host?
I believe this is more of reading filesystems that were uploaded by users into glance. However, it is essentially the same thing.

I don't think we need to do this and don't think we should do this. Clearly, however, someone somewhere, at some point, thought they wanted this.

Regards,
Eric Windisch

References

[OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
From: Thierry Carrez, 2012-08-07
Re: [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
From: Eric Windisch, 2012-08-07
Re: [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
From: Christoph Hellwig, 2012-08-08