Re: [PATCH 2/3] block: fail SCSI passthrough ioctls on partitiondevices

[Alasdair G Kergon]

On Thu, Dec 22, 2011 at 02:25:56PM -0800, Linus Torvalds wrote:
> I don't *think* anybody does something as crazy as giving actual block
> device ownership to people, 

That can happen when running virtual machines backed by logical volumes.

Say I am running a server that offers virtual machines to different
people, and I allow those people to have root access within their own
guest, but, naturally, I don't give them any access to other people's
guests.

I pool my disks on the server into a Volume Group and create one simple
Logical Volume per guest VM to hold its filesystem.

Due to this bug, a root user inside one guest VM can see and modify the
contents of other VMs that don't belong to them (and in some situations
perhaps even take control of the host machine by modifying the host's
LVM metadata).

Alasdair

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/