QubesOS/qubes-installer-qubes-os
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

blivet: do not mount pre-existing partitions and do not detect OS there

Browse Source 
This operation may be harmfull in many ways:
 - may unintentionally modify a disk not selected as installation target
   (mounting even read only replays journal for example)
 - if previous system was compromised, it may try to exploit some of the
   parsing code (filesystem driver etc) to survive across
   re-installation

QubesOS/qubes-issues#2835
This commit is contained in:
Marek Marczykowski-Górecki 2019-10-23 03:09:58 +02:00
parent 1abde9cad3
commit 12cc054a74
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
2 changed files with 49 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
blivet/0001-Avoid-mounting-pre-existing-disks.patch Normal file
View File

@ -0,0 +1,47 @@
From 1ce66b58907e229e21a0012a7a36ae93e9e32054 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
<marmarek@invisiblethingslab.com>
Date: Tue, 22 Oct 2019 16:15:31 +0200
Subject: [PATCH] Avoid mounting pre-existing disks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Organization: Invisible Things Lab
Cc: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
This operation may be harmfull in many ways:
- may unintentionally modify a disk not selected as installation target
(mounting even read only replays journal for example)
- if previous system was compromised, it may try to exploit some of the
parsing code (filesystem driver etc) to survive across
re-installation
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
---
blivet/osinstall.py | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/blivet/osinstall.py b/blivet/osinstall.py
index 485e774c..f46388cd 100644
--- a/blivet/osinstall.py
+++ b/blivet/osinstall.py
@@ -211,14 +211,8 @@ def find_existing_installations(devicetree, teardown_all=True):
:rtype: list of :class:`Root`
"""
- try:
- roots = _find_existing_installations(devicetree)
- return roots
- except Exception: # pylint: disable=broad-except
- log_exception_info(log.info, "failure detecting existing installations")
- finally:
- if teardown_all:
- devicetree.teardown_all()
+ if teardown_all:
+ devicetree.teardown_all()
return []
--
2.20.1

2
blivet/python-blivet.spec
View File

@ -23,6 +23,7 @@ Patch5: 0005-Use-local-backport-of-BlockDev-2.0-interface.patch
# Qubes patches # Qubes patches
Patch100: 0001-Double-recommended-LVM-thin-pool-metadata-space.patch Patch100: 0001-Double-recommended-LVM-thin-pool-metadata-space.patch
Patch101: 0001-Avoid-mounting-pre-existing-disks.patch
# Versions of required components (done so we make sure the buildrequires # Versions of required components (done so we make sure the buildrequires
# match the requires versions of things). # match the requires versions of things).
@ -80,6 +81,7 @@ configuration.
%patch5 -p1 %patch5 -p1
%patch100 -p1 %patch100 -p1
%patch101 -p1
rm -rf %{py3dir} rm -rf %{py3dir}
cp -a . %{py3dir} cp -a . %{py3dir}