Date:      Wed, 20 Sep 2017 21:01:30 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-fs@FreeBSD.org
Subject:   [Bug 214981] ZFS happily and silently remounts any existing mount on pool import (POLA violation and security issue!)
Message-ID:  <bug-214981-3630-sqaGfaEECu@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-214981-3630@https.bugs.freebsd.org/bugzilla/>
References:  <bug-214981-3630@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214981

--- Comment #4 from Vladimir Krstulja <vlad-fbsd@acheronmedia.com> ---
(In reply to Andriy Gapon from comment #3)

Unfortunately, in my view, that doesn't change anything. One major problem is
with ZFS receives, which is what hit me in this case. The server was receiving
backup pools from production, a root pool included.

The obvious part is solved with import -R or -N, and giving -u to `zfs receive`
so it doesn't mount received snapshots. All was well until after quite a long
time I had to reboot the server. The act of unlocking the drives that contained
the backup datasets, the very act of hitting enter on the last geli passphrase,
imported and mounted everything it found, so I haven't had a chance to -R or
-N.

The security problem in this is also through received datasets. One could argue
that you have to trust data you receive, and I partially agree. It doesn't help
that ZFS does not, with this, offer any safety net in the form of an ability to
prevent automatic importing + mounting from happening at all. Oh yeah, disable
zfs service maybe. But totally not a solution.

Automatic, implicit, quiet, non-obvious remounts, especially of /, without the
user explicitly stating it's okay to do so, should NEVER happen. Ever.

I really hope this issue will be treated as a serious problem.

--
You are receiving this mail because:
You are the assignee for the bug.


