*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Seth Arnold (seth-arnold):

possible security issue in linux kernel:
(I checked it on Ubuntu 9.10, but it should be still there)

Short: having 2 filesystems using identical UUID (by accident [dd clone]
OR to infiltrate a public pc) located in one computer causes a randomly
chosen one to be mounted (even the root-partition) - which enables an
attack on the system (or just could cause data-loss, because you work on
the wrong disc and remove the wrong one after = happened to me in 2009).

Long:
Imagine you have a public Linux computer (e.g. internet shop) and you don't 
want someone (that is sitting at this pc) being root on this machine or allow 
any permanent changes on this computer.
Assume the BIOS is protected (password) and no other device than /dev/sda (hdd) 
is used for "/boot/" and "/" (usb-boot is disabled). The PC has 
visible/accessible USB ports which are seen by the used kernel.
(now the problem case)
If a user (not admin/root) enters "ls /dev/disk/by-uuid/" , he can see the 
UUIDs on this device.
He could prepare a USB filesystem using the same UUID and having content similar 
to "/" (linux installation using same kernel, but dangerous changes, e.g. 
rootkit). If the system is booting (/boot on hdd is used as usual), the kernel 
is looking for all visible filesystems and will find the same UUID twice 
(/dev/sda and usb-stick). Depending on which drive has been seen last, he will 
mount (my experience in 2009) the usb-filesystem, not the one on internal hdd.
Remember: the default way of mounting root-filesystem is by UUID! 
(/boot/grub/menu.lst: .. root=UUID=...)
I think the kernel is not prepared to handle identical UUIDs in one system!
Of course, this is an attack, but the kernel should be safe against this.

I think the kernel should at least post an error-log (because I got confused 
some time ago because of accidentally using dd in a wrong way),
and there should be a parameter to specify the behavior in this case of double 
UUID.

Thanks for reading.

related posts of mine, but unsolved:
http://www.linuxforums.org/forum/security/192106-security-issue-same-uuid-used-twice.html
http://www.linuxforums.org/forum/miscellaneous/157282-same-uuid-used-twice-accidentally-using-dd-backup-no-warning-appears.html

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: uuid
-- 
same uuid used twice
https://bugs.launchpad.net/bugs/1071023
You received this bug notification because you are a member of Ubuntu Bugs, 
which is subscribed to the bug report.

-- 
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
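
The report above asks for at least a warning when one UUID appears on two filesystems. A minimal check along those lines, as an added example that is not part of the bug report or of any Ubuntu tool: it parses `blkid -o export` output and flags any UUID carried by more than one device, marking the case where it is also the `root=UUID=` value on the kernel command line. The sample data and function names are constructed for illustration.

```python
import re
import subprocess
import sys
from collections import defaultdict

# Constructed sample of `blkid -o export` output (not taken from the report).
SAMPLE_BLKID = """\
DEVNAME=/dev/sda1
UUID=11111111-2222-3333-4444-555555555555
TYPE=ext4

DEVNAME=/dev/sda2
UUID=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
TYPE=swap

DEVNAME=/dev/sdb1
UUID=11111111-2222-3333-4444-555555555555
TYPE=ext4
"""
# Constructed kernel command line using root=UUID=, as in the report.
SAMPLE_CMDLINE = "ro root=UUID=11111111-2222-3333-4444-555555555555 quiet"

def parse_blkid_export(text):
    """Map each UUID to the devices carrying it (records are blank-line separated)."""
    by_uuid = defaultdict(list)
    for record in re.split(r"\n\s*\n", text.strip()):
        fields = dict(l.split("=", 1) for l in record.splitlines() if "=" in l)
        if "UUID" in fields and "DEVNAME" in fields:
            by_uuid[fields["UUID"].lower()].append(fields["DEVNAME"])
    return by_uuid

def root_uuid(cmdline):
    """Return the UUID named by root=UUID=... on the command line, or None."""
    m = re.search(r"(?:^|\s)root=UUID=(\S+)", cmdline)
    return m.group(1).lower() if m else None

def duplicate_uuids(blkid_text, cmdline=""):
    """Return (uuid, devices, is_root) for every UUID found on more than one device."""
    root = root_uuid(cmdline)
    found = parse_blkid_export(blkid_text)
    return [(u, sorted(d), u == root) for u, d in sorted(found.items()) if len(d) > 1]

if __name__ == "__main__":
    out, cmd = SAMPLE_BLKID, SAMPLE_CMDLINE
    if "--live" in sys.argv:  # hypothetical flag: scan this machine instead
        out = subprocess.run(["blkid", "-o", "export"],
                             capture_output=True, text=True).stdout
        cmd = open("/proc/cmdline").read()
    for uuid, devs, is_root in duplicate_uuids(out, cmd):
        level = "CRITICAL (root=UUID)" if is_root else "WARNING"
        print(f"{level}: UUID {uuid} on {', '.join(devs)}")
```

Members of md RAID arrays and multi-device btrfs filesystems legitimately share a UUID, so hits on those need to be excluded before alerting.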
