Untrusted QEMU guest with access to host partition UUID/label

Çağlar Arlı

I'm analyzing a system where services are isolated via QEMU. For storage, it gives each guest access to their own block device/partition on the host (for performance reasons).

I'm wondering if this enables a hypothetical exploit if the guest is compromised/malicious: since the guest has write access to the entire range of bytes within a partition, it could change the filesystem label and/or UUID in hopes that it could match some other partition mentioned in /etc/fstab or its equivalents. If it gets lucky, on next boot the host would mount the guest's filesystem as root.

Is this possible and if yes, does there exist a robust way of mitigating this problem?
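
An added example, not part of the original post: a host-side audit that flags /etc/fstab entries resolved by filesystem UUID= or LABEL= when a guest-assigned partition currently carries the same value. The fstab text, the blkid-style lines, the device names and the GUEST_DEVS set are constructed sample data, and the function names are hypothetical.

```python
import shlex

# Tags read from inside the filesystem, so a guest with raw write access to
# the partition controls them. PARTUUID=/PARTLABEL= come from the partition
# table, which lies outside the partition's own byte range.
CONTENT_TAGS = {"UUID", "LABEL"}

# Constructed sample input (not from the original post).
FSTAB = """\
# <spec>          <mountpoint> <type> <opts>   <dump> <pass>
UUID=1111-aaaa    /            ext4   defaults 0 1
LABEL=data        /srv         ext4   defaults 0 2
PARTUUID=0f0f-03  /boot        ext4   defaults 0 2
"""
BLKID = """\
/dev/sda1: UUID="1111-aaaa" TYPE="ext4" PARTUUID="0f0f-01"
/dev/sda2: LABEL="data" UUID="2222-bbbb" TYPE="ext4" PARTUUID="0f0f-02"
/dev/sdb1: LABEL="guestfs" UUID="1111-aaaa" TYPE="ext4" PARTUUID="0e0e-01"
"""
GUEST_DEVS = {"/dev/sdb1"}  # assumption: partitions handed to QEMU guests

def parse_blkid(text):
    """Parse `blkid`-style lines into {device: {TAG: value}}."""
    devices = {}
    for line in text.splitlines():
        dev, sep, rest = line.partition(": ")
        if sep:
            devices[dev] = dict(t.split("=", 1) for t in shlex.split(rest) if "=" in t)
    return devices

def audit(fstab, blkid, guest_devs):
    """Return (mountpoint, spec, [guest devices]) for each fstab entry whose
    UUID=/LABEL= value is also present on a guest-writable partition."""
    devices = parse_blkid(blkid)
    findings = []
    for line in fstab.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        tag, sep, value = fields[0].partition("=")
        if not sep or tag not in CONTENT_TAGS:
            continue  # device paths and partition-table tags are not checked here
        clash = sorted(d for d in guest_devs
                       if devices.get(d, {}).get(tag) == value.strip('"'))
        if clash:
            findings.append((fields[1], fields[0], clash))
    return findings

if __name__ == "__main__":
    for mountpoint, spec, devs in audit(FSTAB, BLKID, GUEST_DEVS):
        print(f"{mountpoint}: {spec} also matches guest device(s) {', '.join(devs)}")
```

The result is a snapshot: a guest can rewrite its label or UUID at any time, so a clean run only describes the state when blkid was sampled.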