Results 1 to 2 of 2
Enjoy an ad free experience by logging in. Not a member yet? Register.
- Join Date
- Dec 2009
- Berlin, germany
security issue: same uuid used twice
Imagine you have an public linux computer (e.g. internet cafe) and you don't want someone (that is sitting at this pc) being root on this machine or allow any permanent changes on this computer.
Assume the BIOS is protected (password) and no other device than /dev/sda (hdd) is used for "/boot/" and "/" (usb-boot is disabled). The PC has visible/accessable USB ports which are seen by the used kernel.
(now the problem case)
If a user (not admin/root) enters "ls /dev/disk/by-uuid/" , he can see the UUIDs on this device.
He could prepare an USB filesystem using same UUID and having a similar content than "/" (linux installation using same kernel, but dangerous changes, e.g. rootkit). If the system is booting (/boot on hdd is used as usual), the kernel is looking for all visible filesystems and will find the same UUID twice (/dev/sda and usb-stick). Depending on which drive has been seen last, he will mount (my experience in 2009) the usb-filesystem, not the one on hdd.
Remember: the default way of mounting root-filesystem is by UUID! (/boot/grub/menu.lst: .. root=UUID=...)
I think the kernel is not prepared to handle identical UUIDs in one system!
Of course, this is an attack, but the kernel should be save against this.
I think the kernel should at least post an error-log (because I got confused some time ago because of accidentally using dd in a wrong way)
and there should be an parameter to specify the behavior in this case of double UUID.
Please comment on this.
- Join Date
- Apr 2009
- I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
I'm not 100% sure (security is not my domain - performance and stability are), but I think that if a UUID is in use, the OS should disallow mounting the USB device if it's UUID conflicts with mounted devices/file-systems. I haven't tried this, so that is only an educated guess. I think they would have to unmount the specific file system first before they mounted their USB device. However, in your scenario, if they were both on the system on boot then there would be a conflict (possibly). That leaves the question whether the OS will give precedence to an IDE/SATA/SCSI/SAS attached drive before a USB one. It may be possible for you to mitigate that if it doesn't in one of the init scripts, such as rc.local which is run at boot time - you can check for attached USB devices and umount them automatically. IE, don't allow external drives to be attached to the system at boot...Sometimes, real fast is almost as good as real time.
Just remember, Semper Gumbi - always be flexible!