On Mon, Jul 24, 2023 at 04:51:38PM +0100, Richard W.M. Jones wrote:
> You don't actually need to do any of this if you're using libguestfs,
> because the worst that can happen is the filesystem will pwn the
> kernel inside the KVM appliance (which is just a userspace process, so
> you can kill it).
But if that kernel is pwn3d, won't that still allow arbitrary data to be
passed out to the host? (I confess to knowing very little about the
guts of libguestfs)
> A bit in the superblock marks the filesystem as clean or dirty, and
> that has nothing to do with whether it is malicious.
Yep. I'm just saying that if the filesystem is marked as dirty, then
prompting the user what to do is a good idea -- After all, we *know* the
filesystem integrity is questionable, and mounting it might cause
unintented side effects. (ie not p3nage, but instead the far more
common threat of corruption or data loss)
- Solomon
--
Solomon Peachy pizza at shaftnet dot org (email&xmpp)
@pizza:shaftnet dot org (matrix)
Dowling Park, FL speachy (libra.chat)
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
