[zfs-discuss] Failed to Import Pool via Cache File

Gena Makhomed gmm at csdoc.com
Mon Dec 18 15:33:17 EST 2017


On 18.12.2017 22:06, Gregor Kopka (@zfs-discuss) via zfs-discuss wrote:

>>> Ceterum censeo /etc/zpool.cache should be abolished.

>> zfs-import-scan.service has security vulnerabilities

> My guess would be that the issue you raise is that the /zpool import -a/
> it issues will pull in any pools it finds, a subsequent /zfs mount -a/
> will happily mount filesystems from any pool that is imported at that
> point - thus one would be able to add a USB drive, reboot, have the
> pool in it imported and e.g. replace /root/.ssh to access the system.

Yes. Or replace any other file in the system.

> My point isn't that zfs should scan for any pool it can find but that
> there should be a /text/ configuration file (left alone by ZFS)
> containing a list of pools to import (and mount) in the given order.
> With zpool.cache being a /binary /file that is /magically /updated (by
> zpool import/export invocations) with the set of pools to import it
> doesn't look like good unix style to me.

Can you create an issue at https://github.com/zfsonlinux/zfs/issues
describing your idea of a text file for the ZFS on Linux developers?

From my point of view this may be a good fix for
bug https://github.com/zfsonlinux/zfs/issues/4325

and maybe in future versions of ZFS on Linux
the file /etc/zpool.cache will be deprecated?

-- 
Best regards,
  Gena
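
The text allow-list idea discussed in this message, sketched as an added example (not part of the original post and not ZFS on Linux code): a helper that imports only pools named in a plain-text file instead of running `zpool import -a`, plus a check for imported pools that are not listed. The path `/etc/zfs/pools.allow`, the one-name-per-line format and the function names are assumptions.

```shell
#!/bin/sh
# Added example. The allow-list path and format are assumptions, not a ZFS feature.
ALLOWLIST="${ALLOWLIST:-/etc/zfs/pools.allow}"   # hypothetical path
ZPOOL="${ZPOOL:-zpool}"                          # overridable so the logic can be tested

# Print the valid pool names from the allow-list, in file order.
# Assumed format: one pool name per line; blank lines and '#' comments are ignored.
read_allowlist() {
    while read -r name rest || [ -n "$name" ]; do
        case "$name" in ''|'#'*) continue ;; esac
        case "$rest" in
            ''|'#'*) ;;
            *) echo "skipping malformed line: $name $rest" >&2; continue ;;
        esac
        # A name must start with a letter; this also rejects option-like entries ("-f").
        case "$name" in
            [!A-Za-z]*|*[!A-Za-z0-9_.:-]*)
                echo "skipping invalid pool name: $name" >&2; continue ;;
        esac
        printf '%s\n' "$name"
    done < "$1"
}

# Import each listed pool by name, in order, without mounting (-N).
# 'zpool import -a' is never used, so a pool with an unlisted name on a
# newly attached disk is ignored.
import_allowed() {
    rc=0
    for pool in $(read_allowlist "$1"); do
        "$ZPOOL" import -N "$pool" || { echo "import failed: $pool" >&2; rc=1; }
    done
    return "$rc"
}

# Detection check: print imported pools that are not on the allow-list.
unexpected_pools() {
    allowed=$(read_allowlist "$1")
    "$ZPOOL" list -H -o name | while read -r pool; do
        printf '%s\n' "$allowed" | grep -qxF -- "$pool" || printf '%s\n' "$pool"
    done
}
```

Call `import_allowed "$ALLOWLIST"` at boot and `unexpected_pools "$ALLOWLIST"` from monitoring. Pool names are not unique across disks; `zpool import` also accepts the numeric pool ID, which would make a stricter list entry.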

