From: Maksim Fomin <maxim@fomin.one>
To: "linux-btrfs@vger.kernel.org" <linux-btrfs@vger.kernel.org>
Subject: Potential CVE due to malicious UUID conflict?
Date: Wed, 13 Nov 2019 09:28:39 +0000 [thread overview]
Message-ID: <qs_-w114I5p8c1eRnhwyZXxnP_XFxfWGIFw1rTBNwxQOzjq7d0EiJoEgHX8jVDDLtze2SNcRe55qT6mxV6ZVYvNNsm2ZyHkopl20UX9VY-0=@fomin.one> (raw)
In-Reply-To: <1204250219.669.1573609035591.JavaMail.zimbra@raptorengineeringinc.com>
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, 13 November 2019 г., 4:37, Timothy Pearson <tpearson@raptorengineering.com> wrote:
> I was recently informed on #btrfs that simply attaching a device with the same UUID as an active BTRFS filesystem to a system would cause silent corruption of the active disk.
BTRFS has two UUIDs: the "UUID" and "UUID_SUB".
> Two questions, since this seems like a fairly serious and potentially CVE-worthy bug (trivial case would seem to be a USB thumbdrive with a purposeful UUID collision used to quietly corrupt data on a system that is otherwise secured):
Are you from security area? These people seem to be desperate in finding real security holes so they try to present any software error as a CVE. For example, they tried to present initrd pass through to root console [1] or systemd lauching a service with root permissions as a CVE [2]. Regarding this btrfs uuid issue - the data will be silently corrupted, but this "CVE" would require physical access to machine (like in initrd case). Besides, this issue is known for a long time. Bad news, no one will earn a CVE badge for reporting this issue. Security trolls should find hope somewhere else.
[1] https://www.cvedetails.com/cve/CVE-2016-4484/
[2] https://www.securityweek.com/linux-systemd-gives-root-privileges-invalid-usernames
prev parent reply other threads:[~2019-11-13 9:28 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-13 1:37 Potential CVE due to malicious UUID conflict? Timothy Pearson
2019-11-13 3:41 ` Anand Jain
2019-11-13 5:15 ` Timothy Pearson
2019-11-13 9:28 ` Maksim Fomin [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='qs_-w114I5p8c1eRnhwyZXxnP_XFxfWGIFw1rTBNwxQOzjq7d0EiJoEgHX8jVDDLtze2SNcRe55qT6mxV6ZVYvNNsm2ZyHkopl20UX9VY-0=@fomin.one' \
--to=maxim@fomin.one \
--cc=linux-btrfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).