Let's assume I have a virtual machine and no access to the hypervisor in any way. Also I cannot change any system parameters like setting up password-protected booting with LUKS or anything. I can, however, install whatever tools I'd like and have full root access. Using dd to write zeros or random data to the device will eventually fail and won't leave the system empty. Do you have any suggestions on how to solve that? Maybe some script I can run on startup when I reboot the system?
Comment by TooTea (Mar 19 '20 at 09:02): What's the goal you want to achieve? Make sure that the admin of the hypervisor can't access your data? If so, then you're screwed; there's absolutely no way you can prevent the hypervisor from taking snapshots of your VM at will.

Comment by Kusalananda (Mar 19 '20 at 09:37): Ask the people that are admins on the host to remove the VM. If you don't trust these people, then you should ideally have factored that in when setting up the system.
Comment by Felix (Mar 19 '20 at 10:39): The goal is simply to destroy the data at a certain point when I'm about to lose control over the VM. It won't happen suddenly, but if I cancel my subscription, for example, I want to destroy everything on the VM.
1 Answer
Basic Idea
- Make a ram disk -- or tmpfs.
- Install busybox, statically linked, on the ram disk.
- Make dev nodes for your disks and /dev/null and the like on the ram disk.
- `pivot_root` to the ram disk.
- `exec` a busybox shell.
- `kill` anything else running on the machine that prevents the next step. You might need to also put an ssh server on the ram disk, or use something like `busybox nc -l -l -p1234 -e busybox sh` to give you alternate access.
- Unmount the "real" disks.
- Use busybox's `dd` to wipe the "real" disks.
Note that that busybox nc line doesn't get you a "terminal", just a shell, so a lot of stuff is weird. And if you use telnet to connect to it, it gets weirder. Specifically, you get carriage returns before each linefeed, so typing `pwd` fails, but adding a space afterwards works. I recommend using nc or busybox nc as your client.
Problem
You can't actually kill init and get away with it. You may or may not be able to unmount the disks with killing things that started from that disk.
I think there are two alternatives.
- Change the boot scripts to set up the tunnel, or to do the disk wipe for you. There are disk-wiping toolkits that might have a version that could be combined with your kernel's modules to do the latter.
- Try to wipe the disks without unmounting them. If you do this, make sure you `poweroff -fn`.
David G.
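The staged procedure in the answer above, written out as a script. This is an added example, not David G.'s code and not something the original answer ships. It assumes a Linux guest, root, a statically linked busybox already installed at /bin/busybox (override with BUSYBOX=...), a tmpfs mountpoint of /ramdisk (override with RAMDISK=...), and that you have already checked with `lsblk` which block devices actually hold the data. Nothing destructive runs unless the script is invoked with WIPE_RUN=yes plus a tmpfs size and device list; `wipe_device` and `verify_zeroed` also accept a regular file so the wipe logic can be exercised on a scratch file first. As the comments on the question point out, this only clears the guest's view of its disks; hypervisor-side snapshots are untouched.

```shell
#!/bin/sh
# Added example: stage busybox on a tmpfs, pivot into it, wipe the real disks from there.
# Assumptions (not from the original answer): Linux, root, static busybox at $BUSYBOX.
set -u

RAMDISK=${RAMDISK:-/ramdisk}      # assumed tmpfs mountpoint
BUSYBOX=${BUSYBOX:-/bin/busybox}  # assumed path to a statically linked busybox

# Stage 1: a tmpfs that keeps working once the real root is unmounted.
make_ramdisk() {   # $1 = mountpoint, $2 = size (e.g. 64M)
    mkdir -p "$1"
    mount -t tmpfs -o "size=$2,mode=0755" tmpfs "$1"
    mkdir -p "$1/bin" "$1/dev" "$1/proc" "$1/sys" "$1/oldroot"
}

# Stage 2: busybox, the applets the wipe needs, and the device nodes.
stage_busybox() {  # $1 = mountpoint, $2 = static busybox, $3.. = block devices to copy nodes for
    mnt=$1; bb=$2; shift 2
    cp "$bb" "$mnt/bin/busybox"
    for a in sh dd sync mount umount kill cat ls nc poweroff chroot; do
        ln -sf busybox "$mnt/bin/$a"
    done
    mknod -m 666 "$mnt/dev/null"    c 1 3
    mknod -m 666 "$mnt/dev/zero"    c 1 5
    mknod -m 666 "$mnt/dev/urandom" c 1 9
    mknod -m 600 "$mnt/dev/console" c 5 1
    for d in "$@"; do cp -a "$d" "$mnt/dev/"; done   # cp -a recreates the node, not the disk contents
}

# Stage 3: pivot into the tmpfs and exec a busybox shell there (pattern from pivot_root(8)).
# ENV=/wipe.sh makes the interactive shell re-source this file, so wipe_device etc. exist inside.
enter_ramdisk() {  # $1 = mountpoint
    cd "$1" || return 1
    pivot_root . oldroot
    exec ./bin/busybox chroot . /bin/sh -c '
        mount -t proc proc /proc
        echo "In the ramdisk. Next: stop_others; umount -l /oldroot; wipe_device each line of /targets; poweroff -f"
        ENV=/wipe.sh exec /bin/sh' <dev/console >dev/console 2>&1
}

# Stage 3b: TERM everything still pinning the old root, except init (cannot be killed) and us.
stop_others() {
    for p in /proc/[0-9]*; do
        p=${p#/proc/}
        case $p in 1|$$) ;; *) kill -TERM "$p" 2>/dev/null ;; esac
    done
}

# Stage 4: the wipe. On a whole block device dd runs until the kernel returns ENOSPC at the
# end of the device; that non-zero exit is the normal way to finish, so it is tolerated.
wipe_device() {    # $1 = block device (or a regular file, for a dry run on scratch data)
    if [ -b "$1" ]; then
        dd if=/dev/zero of="$1" bs=4194304 conv=fsync 2>/dev/null || true
    else
        size=$(wc -c < "$1" | tr -d ' ')
        dd if=/dev/zero of="$1" bs=1 count="$size" conv=notrunc 2>/dev/null
    fi
    sync
}

# Spot check: exit 0 only if every byte of $1 reads back as NUL.
verify_zeroed() {
    [ "$(tr -d '\000' < "$1" | wc -c | tr -d ' ')" -eq 0 ]
}

run_all() {        # $1 = tmpfs size, $2.. = block devices to wipe
    size=$1; shift
    make_ramdisk "$RAMDISK" "$size"
    stage_busybox "$RAMDISK" "$BUSYBOX" "$@"
    cp "$0" "$RAMDISK/wipe.sh"            # so the pivoted shell can source these functions
    printf '%s\n' "$@" > "$RAMDISK/targets"
    enter_ramdisk "$RAMDISK"
}

# Guarded so that sourcing or linting this file never starts a wipe.
# Usage: WIPE_RUN=yes sh wipe.sh 64M /dev/vda /dev/vdb
if [ "${WIPE_RUN:-}" = "yes" ] && [ $# -ge 2 ]; then
    run_all "$@"
fi
```

Once the pivoted shell is up, the remaining steps are the answer's own: `stop_others`, `umount -l /oldroot`, `wipe_device` for each device in /targets (or `wipe_device` with busybox `dd` by hand), then `poweroff -f`, since the filesystem the init scripts would need for a clean shutdown is gone by then.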