[linux-lvm] devices.filter changed behaviour in 80ac8f37d6
Chris Webb
chris at arachsys.com
Mon Sep 7 13:08:52 UTC 2015
Just one final thought. A second reason we deliberately exclude those iSCSI
devices is that they're actually the drives backing customer VMs, so any
LVM metadata on them should be interpreted by an untrusted guest kernel and
not by the host. Untrusted third parties have complete control over the
contents of the block devices.
Is LVM well-secured against attacks from block devices containing malicious
LVM metadata? If not, an unexpected change in filtering behaviour might
potentially be a security issue in some environments.
Cheers,
Chris.
More information about the linux-lvm
mailing list