From: Theodore Ts'o <tytso@mit.edu>
To: Vineet Joglekar <vintya@excite.com>,
linux-kernel@vger.kernel.org,
linux-c-programming@vger.kernel.org
Subject: Re: Adding a field to ext2_dir_entry_2
Date: Mon, 4 Apr 2005 23:53:14 -0400 [thread overview]
Message-ID: <20050405035314.GB9131@thunk.org> (raw)
In-Reply-To: <20050405011251.GP1753@schnapps.adilger.int>
On Mon, Apr 04, 2005 at 07:12:51PM -0600, Andreas Dilger wrote:
> > Let me be more clear about what I am trying to do. In my masters
> > project, I am encrypting inodes along with the data part of the file. Keys
> > of different users are different. In the same directory, if there are
> > 2 files stored by different users, their inodes will be encrypted with
> > different keys. If user1 is doing "ls" on that directory, the inode
> > of the other file - which is encrypted by user2, will be decrypted by
> > using user1's key, resulting into garbage. To avoid this, I am trying
> > to store the uid in the directry entry, so that I can match it with
> > current->fsuid and skip decrypting the inode if the file doesn't belong
> > to the current user. (assuming user1 doesnt want to share that file and
> > different users can store different files under same directory.)
>
> This is broken by design. What happens if you chown a file? The UID will
> change in the inode, but nothing will be updated in the directory. This
> key must be stored in the inode along with the ownership info (it can be
> an EA, and possibly a fast EA or fixed inode field in a large inode).
What else is broken about this design. Let me count the ways...
1) What about group access to files?
2) It means that you can't do a filesystem consistency check without
knowing all of the keys, since the block pointers in the inode would
also be encrypted.
3) If user1 has previously accessed the file, the encrypted inode
information will already be cached, and visible when user2 accesses
the file; stat() doesn't result in a call into filesystem code if the
information is already cached.
What's the point of encrypting the inode? What problem are you trying
to solve?
As to why you're having problems:
"ext2-fs error (device fd(2,0)): ext2_check_page: bad entry in directory #2:
unaligned directory entry - offset=0, inode=2, rec_len=46, name_len=0"
46 is ascii for '.'. You missed a spot in mke2fs where you changed
the directory entry structure. Specifically, in libext2fs, and note
that some portions of the ext2fs library which still use
ext2_dir_entry as well as ext2_dir_entry_2, for historical / ABI
backwards compatibility reasons.
- Ted
next prev parent reply other threads:[~2005-04-05 3:53 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-04-05 0:08 Adding a field to ext2_dir_entry_2 Vineet Joglekar
2005-04-04 22:10 ` Christopher Li
2005-04-05 1:12 ` Andreas Dilger
2005-04-05 3:53 ` Theodore Ts'o [this message]
-- strict thread matches above, loose matches on Subject: below --
2005-04-04 22:54 Vineet Joglekar
2005-04-04 23:17 ` Andreas Dilger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050405035314.GB9131@thunk.org \
--to=tytso@mit.edu \
--cc=linux-c-programming@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=vintya@excite.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).