[pve-devel] [Enhancement request] Thin Provisioning problems.. need to zero LVM disks before deleting a VM

Philippe OTTIN philippe.ottin at weishardt.com
Wed Mar 7 11:16:15 CET 2012


On 07/03/2012 10:27, Dietmar Maurer wrote:
>> It seems this problem is common on all thin-provisioning SANs (not only
>> SanMelody)
>>
>> I wanted to modify Storage.pm to add the dd command before the
>> lvremove, but the problem is that it lasts from seconds to minutes... and
>> the GUI session waits for the end of the dd before allowing me to do
>> anything else..
>> Dietmar told me on the forum that lvremove was considered a quick
>> command, and that's why it wasn't managed in a "batch" way.
>>
>> So my question is: is there a way to add this feature in 2.0?
>> 1) put a parameter (on the storage definition?) telling that we would
>> like to zero the LV before lvremove
> Yes, something like that. Or a global setting in datacenter.cfg
>
> This also seems to be a general security problem. AFAIK lvcreate and lvremove do
> not zero out data, so it is possible for one VM to see data of another (deleted) VM?
>
> - Dietmar
>

Run this test:
* create a 100MB LV, zero it, mkfs.ext3 it
* copy a 50M file into it
* lvremove it
* lvcreate another one with the same size

You're unable to mount it, but the data are still there...
If you hexdump the LV, you'll find what you've copied...

More interesting: run fsck and it will rebuild the FAT...
Now you're able to mount it and see the data...

There can indeed be a security problem...







-- 
Cordialement/Best regards

-----------------------------ooO-(_)-Ooo---------------------------------
Philippe OTTIN
Responsable Système/System Manager
Weishardt Holding
tel: +33 5 63 42 35 04
fax: +33 5 63 42 35 15
http://www.weishardt.fr
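
The zero-before-lvremove step discussed in this message, together with a check for leftover data on a newly created LV, as an added example that is not part of the original message or of Proxmox's Storage.pm. The function names are hypothetical; it assumes `blockdev` (util-linux) and the LVM tools, and the helpers also accept a regular file so they can be tried on a scratch file first.

```shell
# Size in bytes of a block device (e.g. /dev/<vg>/<lv>) or a regular file.
dev_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# Return 0 if the device holds at least one non-zero byte (residual data
# from a previous owner), 1 if every byte is zero.
has_residual_data() {
    local n
    # Strip NUL bytes; if anything is left, the device is not clean.
    n=$(tr -d '\000' < "$1" | head -c 1 | wc -c)
    [ "$((n))" -gt 0 ]
}

# Overwrite the whole device with zeros, then verify the result.
# Returns 0 only if the device reads back as all zeros.
zero_device() {
    local size
    size=$(dev_size "$1") || return 1
    # conv=notrunc keeps a regular file's length unchanged.
    head -c "$size" /dev/zero | dd of="$1" bs=1M conv=notrunc 2>/dev/null || return 1
    sync
    ! has_residual_data "$1"
}

# Zero an LV and remove it only if the wipe was verified.
# Needs root; $1 is the LV path, e.g. /dev/<vg>/<lv>.
zero_and_lvremove() {
    zero_device "$1" && lvremove -f "$1"
}

# After lvcreate, flag an LV that still exposes old blocks.
check_new_lv() {
    if has_residual_data "$1"; then
        echo "WARNING: $1 contains non-zero data" >&2
        return 1
    fi
    echo "$1 is clean"
}
```

Because the wipe can take seconds to minutes on a large LV, as noted above, `zero_and_lvremove` is better run from a background job than from a request that blocks the GUI.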
