From: "Kasatkin, Dmitry"
Subject: Re: Ext4 data structures integrity
Date: Wed, 28 Sep 2011 18:19:12 +0300
To: "Ted Ts'o"
Cc: linux-fsdevel@vger.kernel.org

On Wed, Sep 28, 2011 at 4:56 PM, Ted Ts'o wrote:
> On Wed, Sep 28, 2011 at 04:42:22PM +0300, Kasatkin, Dmitry wrote:
>> Hello,
>>
>> I have a question about Ext4 data structure integrity.
>>
>> On Ext3 file system I was able to modify offline inode block mapping
>> in such a way,
>> that 2 inodes did point to the same data blocks, so when modifying one
>> file, did affect another file..
>> FSCK detects such problems and creates duplicated blocks, so that inode
>> content will not overlap...
>>
>> Does Ext4 suffer from the same problem?
>
> That's not a problem that's a feature!
>
> It's REALLY REALLY BAD to try to corrupt the file system the way you
> are doing.  If you at some point delete one of the files, then that
> block will be marked free, and will get reused for something else,
> which will then result in all sorts of data consistency problems.
>
> Worse yet, if the block gets reused as a directory block, and then you
> modify the remaining file, you could end up corrupting the file system
> itself, leading to the loss of access to many, many files.
>
> Since ext4 uses the same file system consistency checker as ext3, it
> will also find this sort of file system CORRUPTION, and correct it by
> duplicating the blocks.
>
> Why in the world would you want to do such a crazy thing in the first
> place?
>
>                                                - Ted
>

Hello,

Thank you for the quick response.

I work on integrity protection subsystem IMA/EVM (linux/security/integrity).
The target is to protect against offline modifications.
Using block re-mapping I was able to implement a simple attack which
allows to circumvent IMA integrity verification.

In order to prevent this kind of attack, it is necessary to run fsck every boot.
I want to know if there is a better way to prevent such attacks...

Thanks,
Dmitry
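The consistency check both messages rely on, fsck finding data blocks that more than one inode claims, modelled as an added example (this is not e2fsck code and not code from either poster). The inode numbers and extents are constructed; a real checker reads the block mappings from the on-disk inodes.

```python
from collections import defaultdict

def multiply_claimed(extent_map):
    """Return [(first_block, end_block_exclusive, [inodes])] for every
    block range that is claimed more than once.

    extent_map: {inode_number: [(start_block, length), ...]}
    """
    events = []
    for ino, extents in extent_map.items():
        for start, length in extents:
            if start < 0 or length <= 0:
                raise ValueError(f"inode {ino}: bad extent ({start}, {length})")
            events.append((start, +1, ino))           # claim begins here
            events.append((start + length, -1, ino))  # claim ends (exclusive)
    events.sort()

    active = defaultdict(int)  # inode -> how many of its extents cover the cursor
    found = []
    prev = None
    for pos, delta, ino in events:
        # Blocks [prev, pos) are covered by exactly the claims in `active`.
        if prev is not None and pos > prev and sum(active.values()) > 1:
            owners = sorted(active)
            if found and found[-1][1] == prev and found[-1][2] == owners:
                found[-1] = (found[-1][0], pos, owners)  # extend adjacent range
            else:
                found.append((prev, pos, owners))
        active[ino] += delta
        if active[ino] == 0:
            del active[ino]
        prev = pos
    return found

# Constructed sample: the second extent of inode 13 points into the
# blocks that already belong to inode 12, as after an offline remap.
SAMPLE = {
    12: [(1000, 8)],
    13: [(2000, 4), (1004, 4)],
    14: [(3000, 16)],
}

if __name__ == "__main__":
    for first, end, owners in multiply_claimed(SAMPLE):
        print(f"blocks {first}-{end - 1} claimed by inodes {owners}")
```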