From mboxrd@z Thu Jan 1 00:00:00 1970 From: Hans Reiser Subject: Re: Debugreiserfs Security Question (3.6.7-pre1) Date: Mon, 23 Jun 2003 12:20:26 +0400 Message-ID: <3EF6B84A.5070302@namesys.com> References: <3EF27041.6060401@netscape.net> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: list-help: list-unsubscribe: list-post: Errors-To: flx@namesys.com In-Reply-To: <3EF27041.6060401@netscape.net> List-Id: Content-Type: text/plain; charset="us-ascii"; format="flowed" To: Manuel Krause Cc: reiserfs-list Manuel Krause wrote: > Hi! > > If I currently use debugreiserfs -p /dev/xxx | gzip -c > xxx.gz and > later for testing gunzip -c xxx.gz | unpack /dev/yyy I get the same > filenames on the last target partition. (with reiserfsprogs 3.6.7-pre1) > > > If I don't want to spread info about > /home/manuel/my_car/tech_overview/lies_for_BMW_&_DC/engine.259.fake.jpg > anywhere else than only on my HDD, shouldn't this file be converted to > /d98/d4/d2/d65/d1/23.file > e.g., or something like that (random directory & filenames) within > debugreiserfs, in general?! > > I don't know if that is a serious security issue. But it is one. > > No no, I don't doubt your developers' debugging cyle and purpose at all. > But I don't need you (and others if we couldn't establish a secure > connection) to read our filenames. In case of real failure we may not > be able to rename anything any more, you know.. > > > Best regards, > > Manuel Krause > > > (The filenames mentioned above have NO real meaning in ANY sense.) > > > If you are considering the use of reiserfs for secure government purposes then your government should sponsor the on staff addition of a reiserfs developer with the security clearances your government needs.;-) Forgive me for thinking that only governments have a lot of data that cannot be risked with strangers working in Russia, I know it is not entirely true. -- Hans