[pve-devel] [PATCH] add scsi-block detection

Alexandre DERUMIER aderumier at odiso.com
Mon Mar 19 09:21:06 CET 2012


The original discussion is here:

https://lkml.org/lkml/2011/12/22/270
and the Red Hat Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=752375

"In the virtio case the vulnerability can be mitigated by disabling SCSI
passthrough for the virtio-blk device; however, the root cause is in
the kernel and needs to be fixed there."

Don't know if the patches are already in the Red Hat kernel we use?


----- Original Message -----

From: "Dietmar Maurer" <dietmar at proxmox.com>
To: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Sent: Monday 19 March 2012 07:21:53
Subject: RE: [pve-devel] [PATCH] add scsi-block detection

Just found this: 

http://www.redhat.com/archives/rhsa-announce/2011-December/msg00045.html 

Seems scsi-block is a big security risk? 

- Dietmar Maurer 


> -----Original Message----- 
> From: Alexandre DERUMIER [mailto:aderumier at odiso.com] 
> Sent: Monday, 19 March 2012 07:06
> To: Dietmar Maurer 
> Cc: pve-devel at pve.proxmox.com 
> Subject: Re: [pve-devel] [PATCH] add scsi-block detection 
> 
> Hi Dietmar, 
> I found this:
> 
> http://search.cpan.org/~mooli/Device-SCSI-1.004/lib/Device/SCSI.pm 
> 
> 
> use Device::SCSI; 
> 
> my @devices = Device::SCSI->enumerate; 
> 
> my $device = Device::SCSI->new($devices[0]); 
> my %inquiry = %{ $device->inquiry }; 
> my ($result, $sense) = $device->execute($command, $wanted, $data); 
> $device->close; 
> 
> 
> Seems to be what we want to do ...
> 
> ----- Original Message -----
>
> From: "Dietmar Maurer" <dietmar at proxmox.com>
> To: "Alexandre DERUMIER" <aderumier at odiso.com>
> Cc: pve-devel at pve.proxmox.com
> Sent: Friday 16 March 2012 15:58:54
> Subject: RE: [pve-devel] [PATCH] add scsi-block detection
> 
> > maybe 
> > 
> > bdrv_ioctl(s->qdev.conf.bs, SG_GET_VERSION_NUM, &sg_version) does the
> > job?
> 
> AFAIK the inquiry command fails, so we need to execute a SCSI inquiry.
> 
> - Dietmar 
>
> --
> Alexandre Derumier
> Systems Engineer
> Landline: 03 20 68 88 90
> Fax: 03 20 68 90 81
> 45 Bvd du Général Leclerc 59100 Roubaix - France
> 12 rue Marivaux 75002 Paris - France
>




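The two probes discussed in this thread (the SG_GET_VERSION_NUM ioctl and an actual SCSI INQUIRY), sketched in C for Linux as an added example; it is not code from the patch, from QEMU or from any poster. The function names, the 30000 version threshold (taken here to mean the v3 SG interface that `sg_io_hdr_t` belongs to) and the 5 s timeout are assumptions.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <scsi/sg.h>

/* SG driver version (e.g. 30527), or -1 if the node rejects SG ioctls. */
int sg_version_of(int fd) {
    int v = 0;
    return ioctl(fd, SG_GET_VERSION_NUM, &v) < 0 ? -1 : v;
}

/* Send a 6-byte INQUIRY through SG_IO and fill buf with the response.
 * Returns the peripheral device type (0 = disk, 5 = CD/DVD) or -1. */
int scsi_inquiry_type(int fd, unsigned char *buf, unsigned char len) {
    unsigned char cdb[6] = { 0x12, 0, 0, 0, len, 0 };  /* INQUIRY opcode */
    unsigned char sense[32];
    sg_io_hdr_t io;
    memset(&io, 0, sizeof io);
    memset(buf, 0, len);
    io.interface_id = 'S';
    io.dxfer_direction = SG_DXFER_FROM_DEV;
    io.cmdp = cdb;     io.cmd_len = sizeof cdb;
    io.dxferp = buf;   io.dxfer_len = len;
    io.sbp = sense;    io.mx_sb_len = sizeof sense;
    io.timeout = 5000; /* milliseconds (assumed value) */
    if (ioctl(fd, SG_IO, &io) < 0) return -1;
    if (io.status || io.host_status || io.driver_status) return -1;
    return buf[0] & 0x1f;
}

/* 1 only if both probes succeed; the version ioctl alone is not trusted. */
int is_scsi_block_capable(int fd) {
    unsigned char inq[96];
    if (sg_version_of(fd) < 30000) return 0;  /* assumed v3 threshold */
    return scsi_inquiry_type(fd, inq, sizeof inq) >= 0;
}

int main(int argc, char **argv) {
    if (argc < 2) { fprintf(stderr, "usage: %s /dev/sdX\n", argv[0]); return 2; }
    int fd = open(argv[1], O_RDONLY | O_NONBLOCK);
    if (fd < 0) { perror("open"); return 2; }
    int ok = is_scsi_block_capable(fd);
    printf("%s: %s\n", argv[1], ok ? "answers SCSI INQUIRY" : "no SCSI passthrough");
    close(fd);
    return ok ? 0 : 1;
}
```

A management layer could run such a check before attaching a disk with passthrough and fall back to a plain emulated disk when it returns 0.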