From owner-freebsd-geom@freebsd.org Tue Sep 27 14:23:46 2016
From: zhaghzhagh@openmailbox.org
To: freebsd-geom@freebsd.org
Date: Tue, 27 Sep 2016 14:13:57 +0000
Subject: GELI on remotely hosted FreeBSD VM

Hello

Wonder if there is any security implication with GELI-based full disk
encryption and FreeBSD running on a Xen-based VM?

Here are some of my doubts:

1. Could the GELI passphrase be revealed by having access to the VM's
   memory snapshot? (At boot time when the passphrase is prompted -
   probably yes / during normal operation...)

2. Would it be possible to resume the VM from a snapshot and somehow force
   it to do a full disk read? (With / without knowing root's or any other
   user's credentials.)

...

In general, I would like to have a clearer picture about the effectiveness
of full disk encryption in the case of a VM hosted at an 'unknown' physical
location.

Thanks!

From owner-freebsd-geom@freebsd.org Tue Sep 27 18:55:56 2016
From: CyberLeo Kitsana <cyberleo@cyberleo.net>
To: zhaghzhagh@openmailbox.org, freebsd-geom@freebsd.org
Date: Tue, 27 Sep 2016 13:49:23 -0500
Subject: Re: GELI on remotely hosted FreeBSD VM

On 09/27/2016 09:13 AM, zhaghzhagh@openmailbox.org wrote:
> Hello
>
> Wonder if there is any security implication with GELI based full disk
> encryption and FreeBSD running on Xen based VM?
>
> In general, would like to have a clearer picture about the effectiveness
> of full disk encryption in case of VM hosted at an 'unknown' physical
> location.

Disk encryption only protects against offline attacks, or certain attacks
on remote storage where the key is nowhere near the storage. If an attacker
has access to the host side of a running or paused VM, it is equivalent to
having physical access to a running machine; there is little you can do to
secure a machine against such an attacker.

--
Fuzzy love,
-CyberLeo
Technical Administrator
CyberLeo.Net Webhosting
http://www.CyberLeo.Net
Furry Peace! - http://www.fur.com/peace/

From owner-freebsd-geom@freebsd.org Fri Sep 30 03:46:16 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-geom@FreeBSD.org
Date: Fri, 30 Sep 2016 03:46:16 +0000
Subject: [Bug 211028] [GEOM][Hyper-V] gpart can't detect the new free space after the disk capacity changes

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211028

--- Comment #37 from commit-hook@freebsd.org ---
A commit references this bug:

Author: ae
Date: Fri Sep 30 03:45:41 UTC 2016
New revision: 306476
URL: https://svnweb.freebsd.org/changeset/base/306476

Log:
  MFC r303019:
    Use g_resize_provider() to change the size of the GEOM_DISK provider
    when it is being opened. This should fix the possible loss of a resize
    event when the disk capacity changed.

  MFC r303288:
    Do not invoke the resize method if the geom is being withered.

  MFC r303637:
    Do not invoke the resize event if the initial disk size is zero.
    Some disks report the size only after the first opening. And because
    the events are asynchronous, some consumers can receive this event
    too late and this confuses them. This partially restores the previous
    behaviour, and at the same time this should fix the problem where an
    already opened provider loses the resize event.

  PR: 211028

Changes:
  _U  stable/11/
      stable/11/sys/geom/geom_disk.c
      stable/11/sys/geom/geom_subr.c

--
You are receiving this mail because:
You are on the CC list for the bug.

From owner-freebsd-geom@freebsd.org Fri Sep 30 03:49:03 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-geom@FreeBSD.org
Date: Fri, 30 Sep 2016 03:49:02 +0000
Subject: [Bug 211028] [GEOM][Hyper-V] gpart can't detect the new free space after the disk capacity changes

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211028

Andrey V. Elsukov changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|New                         |Closed

--- Comment #38 from Andrey V. Elsukov ---
Fixed in head/ and stable/11. Thanks!