[Fedora-livecd-list] Is automounting of LVM volumes by a livecd dangerous?

Antonio Olivares olivares14031 at yahoo.com
Sat Aug 2 03:25:02 UTC 2008


> > Dear all,
> > 
> > I have asked the following question on fedora-list at redhat.com.
> > 
> > But then it clicked to me that I should have directed the question here
> > on livecd list.
> > 
> > Is automounting of LVM volumes by a livecd dangerous?
> 
> Probably you've heard this before, but the short answer is 'it depends'.
> 
> If you believe in the philosophy that a default livecd boot should be
> guaranteed to not write any bits on system disk/storage, then yes, it is
> dangerous.  I'll even go one further- it's even dangerous to mount ext3
> filesystems "read-only".
> 
> When implementing liveusb-persistence, an early variation of my
> implementation would attempt to readonly mount every disk, looking for
> persistent overlay files to utilize.  Ultimately, for the first liveusb
> persistence release, I backed off of the flexibility that doing so would
> enable, and now the current fedora liveusb mechanism will only by
> default look at the booting media (e.g. usbstick) for the persistence
> file which is by definition already mounted.
> 
> One thing I noticed in that earlier implementation was that if you did a
> 'blockdev --setro' on devices before attempting to mount them readonly
> (because like me, you are ultra paranoid, and believe that users should
> be confident that by default no bits on their disks will be twiddled)...
> Anyway, if you do that, and then try to mount readonly an ext3 device,
> you'll be confounded by the fact that the mount now fails, because for
> some reason mounting an ext3fs readonly is not a purely read-only
> operation.  I think maybe in some instances it really wants to replay
> the journal.  I vaguely recall also trying to mount an ext3 as readonly
> as an ext2 filesystem, but I vaguely recall that not working.
> 
> Ultimately, for another tool I was working on (viros.org), I ended up
> implementing a devicemapper solution.  I.e. to be truly paranoid, you
> can blockdev --setro, then build up a devicemapper snapshot to ram to
> get a virtually writable device, which you can then mount readonly (and
> amusingly, get some visibility into which bits get written in such a case).
> 
> But back to your question-  Another very good reason to be this
> paranoid, is whether or not you want to support the following use-case:
> 
> - user has ubuntu(or any distro) installed on their system disk.
> - user hibernates
> - user boots your livecd
> - user reboots, and wants to unhibernate
> - user is hosed if you mounted filesystems that were mounted in the
>   hibernated OS
> 
> -dmc
> 

By default Slax mounts all devices rw, including NTFS partitions.  Maybe a warning should be placed on the use.  Anyhow, I have not seen it be dangerous with regular partitions.

Thank you for your input.  I will relay the information to Tomas.

Regards,

Antonio 
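
The procedure described in the quoted reply (blockdev --setro, then a device-mapper snapshot whose copy-on-write store is in RAM, then a read-only mount), written out as an added example that is not part of the original thread or of the Fedora livecd tools. The function names, the /dev/shm location, the 256 MiB copy-on-write size and the 8-sector chunk size are assumptions.

```shell
#!/bin/sh
# Added example. Needs root, util-linux (blockdev, losetup, mount) and dmsetup.

# dm snapshot table: <start> <len> snapshot <origin> <cow> N(on-persistent) <chunk>
snapshot_table() {   # args: origin_sectors origin_dev cow_dev
    printf '0 %s snapshot %s %s N 8\n' "$1" "$2" "$3"
}

# Given one `dmsetup status` line for a snapshot target,
#   "<start> <len> snapshot <allocated>/<total> <metadata>"
# print the data sectors redirected to the COW store (allocated - metadata).
cow_data_sectors() {
    set -- $1
    case $4 in */*) ;; *) return 1 ;; esac   # "Invalid" or "Overflow" snapshot
    echo $(( ${4%%/*} - $5 ))
}

ro_inspect() {       # args: block_device mountpoint
    dev=$1; mnt=$2; name=ro_inspect_$$
    blockdev --setro "$dev" || return 1                 # kernel now refuses writes to $dev
    sectors=$(blockdev --getsz "$dev") || return 1      # size in 512-byte sectors
    cow_file=$(mktemp /dev/shm/cow.XXXXXX) || return 1  # tmpfs, so COW data never touches $dev
    truncate -s 256M "$cow_file" || return 1            # sparse file; size is an assumption
    cow_dev=$(losetup --find --show "$cow_file") || return 1
    dmsetup create "$name" \
        --table "$(snapshot_table "$sectors" "$dev" "$cow_dev")" || return 1
    mount -o ro "/dev/mapper/$name" "$mnt" || return 1
    # Whatever is counted here is what the "read-only" mount tried to write.
    echo "sectors written during ro mount: $(cow_data_sectors "$(dmsetup status "$name")")"
}

ro_release() {       # undo ro_inspect; the origin stays flagged read-only
    umount "$mnt"
    dmsetup remove "$name"
    losetup -d "$cow_dev"
    rm -f "$cow_file"
}

if [ "$#" -eq 2 ]; then
    ro_inspect "$1" "$2" && { printf 'Enter to tear down: '; read -r _; ro_release; }
fi
```

Run as root with a block device and an empty mountpoint as the two arguments; a non-zero sector count after mounting a cleanly unmounted filesystem is worth investigating before trusting a plain `mount -o ro` on that filesystem type.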