Date: Wed, 20 Sep 2017 18:13:19 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-fs@FreeBSD.org Subject: [Bug 214981] POLA violation: ZFS happily and silently remounts any existing mount on pool import Message-ID: <bug-214981-3630-Pd9Ume3WKU@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-214981-3630@https.bugs.freebsd.org/bugzilla/> References: <bug-214981-3630@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D214981 --- Comment #2 from Vladimir Krstulja <vlad-fbsd@acheronmedia.com> --- I now believe this problem should be taken more seriously. I'd also like to formally request the FreeBSD project to assign a CVE to this issue. While I managed to train myself to always use -R or -N for zpool import, I = now found out the hard way that if you have zfs_enable=3D"YES" in rc.conf, whic= h you would if you wanted your "local" datasets be mounted on boot, it has a side-effect of automatically importing and mounting datasets for any pool t= hat becomes visible. In other words, anythign you "plug in" that contains a ZFS pool. Say, a sne= aky USB stick. Merely unlocking geli'd drives will result with any pools on those drives b= eing imported, datasets automounted, existing mountpoints remounted, root includ= ed, with zero warning, notification or complaint. So technically, we don't even have the protection of import -R or -N. This = is a security issue. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-214981-3630-Pd9Ume3WKU>