From: "Kasatkin, Dmitry" <dmitry.kasatkin@intel.com>
To: "Ted Ts'o" <tytso@mit.edu>
Cc: linux-fsdevel@vger.kernel.org
Subject: Re: Ext4 data structures integrity
Date: Wed, 28 Sep 2011 18:19:12 +0300 [thread overview]
Message-ID: <CALLzPKb8vHLnUDd=pOMc3FHM45UOYwBEsRxmnza3jj6yS+rngg@mail.gmail.com> (raw)
In-Reply-To: <20110928135626.GA19032@thunk.org>
On Wed, Sep 28, 2011 at 4:56 PM, Ted Ts'o <tytso@mit.edu> wrote:
> On Wed, Sep 28, 2011 at 04:42:22PM +0300, Kasatkin, Dmitry wrote:
>> Hello,
>>
>> I have a question about Ext4 data structure integrity.
>>
>> On Ext3 file system I was able to modify offline inode block mapping
>> in such a way,
>> that 2 inodes did point to the same data blocks, so when modifying one
>> file, did affect another file..
>> FSCK detects such problems and create duplicated blocks, so that inode
>> content will not overlap...
>>
>> Does Ext4 suffers from the same problem?
>
> That's not a problem that's a feature!
>
> It's REALLY REALLY BAD to try to corrupt the file system the way you
> are doing. If you at some point delete one of the files, then that
> block will be marked free, and will get reused for something else,
> which will then result in all sorts of data consistency problems.
>
> Worse yet, if the block gets reused as a directory block, and then you
> modify the remaining file, you could end up corrupting the file system
> itself, leading to the loss of access many, many files.
>
> Since ext4 uses the same file system consistency checker as ext3, it
> will also find this sort of file system CORRUPTION, and correct it by
> duplicating the blocks.
>
> Why in the world would you want to do such a crazy thing in the first
> place?
>
> - Ted
>
Hello,
Thank you for the quick response.
I work on integrity protection subsystem IMA/EVM (linux/security/integrity).
The target is to protect against offline modifications.
Using block re-mapping I was able to implement simple attack which
allows to circumvent IMA integrity verification.
In order to prevent this kind of attack, it is necessary to run fsck every boot.
I want to know if there is a better way to prevent such attacks...
Thanks,
Dmitry
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2011-09-28 15:19 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-09-28 13:42 Ext4 data structures integrity Kasatkin, Dmitry
2011-09-28 13:56 ` Ted Ts'o
2011-09-28 15:19 ` Kasatkin, Dmitry [this message]
2011-09-28 15:45 ` Ted Ts'o
2011-09-29 12:24 ` Kasatkin, Dmitry
2011-09-29 12:56 ` Ted Ts'o
2011-09-29 13:32 ` Kasatkin, Dmitry
2011-09-28 17:16 ` Andreas Dilger
2011-09-29 12:31 ` Kasatkin, Dmitry
2011-09-29 13:33 ` Kasatkin, Dmitry
2011-09-29 13:55 ` Ted Ts'o
2011-10-07 11:40 ` Kasatkin, Dmitry
[not found] ` <64BEDF63-5861-47C9-AC90-F41768D09F17@mit.edu>
2011-10-07 14:20 ` Kasatkin, Dmitry
2011-10-07 15:22 ` Theodore Tso
2011-11-08 23:44 ` Mimi Zohar
2011-11-10 11:21 ` Kasatkin, Dmitry
2011-09-29 16:35 ` Andreas Dilger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CALLzPKb8vHLnUDd=pOMc3FHM45UOYwBEsRxmnza3jj6yS+rngg@mail.gmail.com' \
--to=dmitry.kasatkin@intel.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).