Ubuntu
linux package

same uuid used twice

Bug #1071023 reported by Aleks-ger
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

possible security issue in linux kernel:
(I checked it at Ubuntu 9.10, but it should be still there)

Short: having 2 filesystems using identical UUID (by accident [dd clone] OR to infiltrate a public pc) located in one computer causes random choosen one to be mounted (even the root-partition) - which enables an attack to the system (or just could cause data-loss, because you work on the wrong disc and remove the wrong one after = happend to me in 2009).

Long:
Imagine you have an public linux computer (e.g. internet shop) and you don't want someone (that is sitting at this pc) being root on this machine or allow any permanent changes on this computer.
Assume the BIOS is protected (password) and no other device than /dev/sda (hdd) is used for "/boot/" and "/" (usb-boot is disabled). The PC has visible/accessable USB ports which are seen by the used kernel.
(now the problem case)
If a user (not admin/root) enters "ls /dev/disk/by-uuid/" , he can see the UUIDs on this device.
He could prepare an USB filesystem using same UUID and having a similar content than "/" (linux installation using same kernel, but dangerous changes, e.g. rootkit). If the system is booting (/boot on hdd is used as usual), the kernel is looking for all visible filesystems and will find the same UUID twice (/dev/sda and usb-stick). Depending on which drive has been seen last, he will mount (my experience in 2009) the usb-filesystem, not the one on internal hdd.
Remember: the default way of mounting root-filesystem is by UUID! (/boot/grub/menu.lst: .. root=UUID=...)
I think the kernel is not prepared to handle identical UUIDs in one system!
Of course, this is an attack, but the kernel should be save against this.

I think the kernel should at least post an error-log (because I got confused some time ago because of accidentally using dd in a wrong way),
and there should be an parameter to specify the behavior in this case of double UUID.

Thanks for reading.

related posts of myself, but unsolved:
http://www.linuxforums.org/forum/security/192106-security-issue-same-uuid-used-twice.html
http://www.linuxforums.org/forum/miscellaneous/157282-same-uuid-used-twice-accidentally-using-dd-backup-no-warning-appears.html

Tags: uuid
Seth Arnold (seth-arnold)
information type: Private Security → Public Security
Changed in linux (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.