* Debugreiserfs Security Question (3.6.7-pre1)
@ 2003-06-20 2:24 Manuel Krause
2003-06-20 4:14 ` Russell Coker
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Manuel Krause @ 2003-06-20 2:24 UTC (permalink / raw)
To: reiserfs-list
Hi!

If I currently use debugreiserfs -p /dev/xxx | gzip -c > xxx.gz and
later for testing gunzip -c xxx.gz | unpack /dev/yyy I get the same
filenames on the last target partition. (with reiserfsprogs 3.6.7-pre1)

If I don't want to spread info about
/home/manuel/my_car/tech_overview/lies_for_BMW_&_DC/engine.259.fake.jpg
anywhere else than only on my HDD, shouldn't this file be converted to
/d98/d4/d2/d65/d1/23.file
e.g., or something like that (random directory & filenames) within
debugreiserfs, in general?!

I don't know if that is a serious security issue. But it is one.

No no, I don't doubt your developers' debugging cycle and purpose at all.
But I don't need you (and others if we couldn't establish a secure
connection) to read our filenames. In case of real failure we may not
be able to rename anything any more, you know..

Best regards,

Manuel Krause

(The filenames mentioned above have NO real meaning in ANY sense.)
* Re: Debugreiserfs Security Question (3.6.7-pre1)
From: Russell Coker @ 2003-06-20 4:14 UTC (permalink / raw)
To: Manuel Krause, reiserfs-list
On Fri, 20 Jun 2003 12:24, Manuel Krause wrote:
> If I currently use debugreiserfs -p /dev/xxx | gzip -c > xxx.gz and
> later for testing gunzip -c xxx.gz | unpack /dev/yyy I get the same
> filenames on the last target partition. (with reiserfsprogs 3.6.7-pre1)
So if the bug in ReiserFS is related to file names then how could it be
diagnosed without the names being preserved?
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
* Re: Debugreiserfs Security Question (3.6.7-pre1)
From: Oleg Drokin @ 2003-06-20 12:43 UTC (permalink / raw)
To: Manuel Krause; +Cc: reiserfs-list
Hello!

On Fri, Jun 20, 2003 at 04:24:01AM +0200, Manuel Krause wrote:
> If I currently use debugreiserfs -p /dev/xxx | gzip -c > xxx.gz and
> later for testing gunzip -c xxx.gz | unpack /dev/yyy I get the same
> filenames on the last target partition. (with reiserfsprogs 3.6.7-pre1)
> If I don't want to spread info about
> /home/manuel/my_car/tech_overview/lies_for_BMW_&_DC/engine.259.fake.jpg
> anywhere else than only on my HDD, shouldn't this file be converted to
> /d98/d4/d2/d65/d1/23.file
> e.g., or something like that (random directory & filenames) within
> debugreiserfs, in general?!

This question was brought up already, so I think I will add it to the FAQ now.
It is impossible to do this. Each directory entry is accompanied by
the hash value calculated from the name; if you change the name, the hash value will differ
(and entries are sorted in hash order, so you cannot change the hash value either).

> I don't know if that is a serious security issue. But it is one.

As long as you do not redistribute this info, there is no issue, I believe.

> No no, I don't doubt your developers' debugging cycle and purpose at all.
> But I don't need you (and others if we couldn't establish a secure
> connection) to read our filenames. In case of real failure we may not
> be able to rename anything any more, you know..

Well, in this case we won't be able to debug the problem, it seems.
Unless you are able to describe what happened so well that we will
be able to reproduce it ourselves.
And you know, in case of real corruption, not only filenames are included in the dump;
parts of the files' tails could be included as well.

Bye,
Oleg
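
The constraint described in the reply above, shown as an added example that is not part of the original thread or of reiserfsprogs. It assumes the volume uses the r5 name hash (the thread does not say which hash is in use); the two directory entries and their replacement names are constructed sample data.

```c
#include <stdint.h>
#include <stdio.h>

struct dentry { uint32_t offset; const char *name; }; /* stored key offset + name */

/* r5 name hash (assumption: the volume uses r5, one of the ReiserFS hashes). */
static uint32_t r5_hash(const char *name)
{
    uint32_t a = 0;
    for (const signed char *p = (const signed char *)name; *p; p++)
        a = (a + ((uint32_t)*p << 4) + (uint32_t)(*p >> 4)) * 11;
    return a;
}

/* Offset kept in the entry key: hash without its low 7 bits; 0 maps to 128. */
static uint32_t dir_offset(const char *name)
{
    uint32_t h = r5_hash(name) & 0x7fffff80u;
    return h ? h : 128;
}

/* Count entries whose stored offset no longer matches the hash of the name. */
static size_t hash_mismatches(const struct dentry *d, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        bad += d[i].offset != dir_offset(d[i].name);
    return bad;
}

/* 1 if the names, rehashed, would still sort in the order they are stored. */
static int order_kept(const struct dentry *d, size_t n)
{
    for (size_t i = 1; i < n; i++)
        if (dir_offset(d[i - 1].name) > dir_offset(d[i].name))
            return 0;
    return 1;
}

/* Constructed: a directory in hash order, and a copy with only the names replaced. */
static const struct dentry ORIGINAL[] = { {2324864u, "car"}, {2327680u, "bmw"} };
static const struct dentry SCRUBBED[] = { {2324864u, "2.file"}, {2327680u, "1.file"} };

int main(void)
{
    printf("original: mismatches=%zu order_kept=%d\n", hash_mismatches(ORIGINAL, 2), order_kept(ORIGINAL, 2));
    printf("scrubbed: mismatches=%zu order_kept=%d\n", hash_mismatches(SCRUBBED, 2), order_kept(SCRUBBED, 2));
    return 0;
}
```

With only the names replaced, every stored offset stops matching its name, and recomputing the offsets would put the entries in a different order from the one recorded in the dump.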
* Re: Debugreiserfs Security Question (3.6.7-pre1)
From: Hans Reiser @ 2003-06-23 8:20 UTC (permalink / raw)
To: Manuel Krause; +Cc: reiserfs-list
Manuel Krause wrote:
> Hi!
>
> If I currently use debugreiserfs -p /dev/xxx | gzip -c > xxx.gz and
> later for testing gunzip -c xxx.gz | unpack /dev/yyy I get the same
> filenames on the last target partition. (with reiserfsprogs 3.6.7-pre1)
>
>
> If I don't want to spread info about
> /home/manuel/my_car/tech_overview/lies_for_BMW_&_DC/engine.259.fake.jpg
> anywhere else than only on my HDD, shouldn't this file be converted to
> /d98/d4/d2/d65/d1/23.file
> e.g., or something like that (random directory & filenames) within
> debugreiserfs, in general?!
>
> I don't know if that is a serious security issue. But it is one.
>
> No no, I don't doubt your developers' debugging cycle and purpose at all.
> But I don't need you (and others if we couldn't establish a secure
> connection) to read our filenames. In case of real failure we may not
> be able to rename anything any more, you know..
>
>
> Best regards,
>
> Manuel Krause
>
>
> (The filenames mentioned above have NO real meaning in ANY sense.)
>
>
>
If you are considering the use of reiserfs for secure government
purposes then your government should sponsor the on staff addition of a
reiserfs developer with the security clearances your government
needs.;-) Forgive me for thinking that only governments have a lot of
data that cannot be risked with strangers working in Russia, I know it
is not entirely true.
--
Hans