[pve-devel] [Enhancement request] Thin Provisionning problems.. need to zero LVM disks before deleting a VM
Dietmar Maurer
dietmar at proxmox.com
Wed Mar 7 12:38:25 CET 2012
> > This also seems to be a general security problem. AFAIK lvcreate and
> > lvremove does not zero out data, so it is possible to one VM see data of
> another (deleted) VM?
> >
> > - Dietmar
> >
>
> Make the test
> * create an 100MB LV, zero it, mkfs.ext3 it
> * copy a 50M file in it
> * lvremove it
> * lvcreate another one with the same size
>
> you're unable to mount it, but the data are still there...
> if you hexdump of the LV : you'll find the you've copied...
>
> More interessant, do fsck and it will rebuild the FAT...
> now you're able to mount it and see the data...
>
> There can indeed be a security problem...
Just committed a fix:
https://git.proxmox.com/?p=pve-storage.git;a=commit;h=88c3abaf6e7c1ce320e69e5753cffcc2c12264e2
we do this for all LVs. Let's see if user complains.
- Dietmar
More information about the pve-devel
mailing list