From: Stefan Ring <stefanrin@gmail.com>
To: linux-xfs@vger.kernel.org
Subject: [PATCH 0/1] Try to squash metadump data leaks
Date: Thu, 4 Oct 2018 22:57:48 +0200
Message-ID: <20181004205749.2042-1-stefanrin@gmail.com>

This is inspired by a thread last year when someone intended to
collect metadata about filesystems and I would have been happy to
help, except that I noticed lots of left-over data in the dump that
should never have been there. I would not have worried that much about
some fragments of Python code or directory listings, but the
possibility of recognizable customer data (potentially even
cryptographic keys) made it unthinkable to share this.

My method of coming up with these patches was: Pipe a metadump of my
reference image through "strings -n 10" and scroll until something
recognizable catches my eye. This did not take too long, usually. Find
the origin of the found leak and squash it (using "XFS File System
Structure" from the wiki). Repeat until there is nothing recognizable
left. Said image is a 1.1 TB volume created in early 2012 and used
daily ever since on our development server, containing about 12
million inodes (mostly hundreds of checkouts of our main Mercurial
repo with about 15000 files in it).

I have not submitted a patch before, and I don't think I will be
particularly pushy with this one. It exists mostly to inform you of my
findings. I have not dealt at all with a v3 filesystem. TBH, I don't
even know what this is and how to create one. Looking at the metadump
code as it exists now, it would likely have been much safer to copy
just the required contents as opposed to copying everything and then
trying to find every nook and cranny where unwanted stuff could seep
through.

Stefan Ring (1):
  xfs_metadump: Zap more stale data

 db/metadump.c | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 69 insertions(+), 5 deletions(-)

-- 
2.14.4
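
The strings-based audit described in the message, as an added example (not part of the original post or of xfsprogs): it finds printable runs of at least 10 bytes, as "strings -n 10" does, and labels the ones that look like key material, paths or source code so they can be triaged before a dump is shared. The marker patterns, function names and sample buffer are assumptions constructed for illustration.

```python
import re

MIN_LEN = 10  # same threshold as "strings -n 10" in the message

# Heuristic labels, most sensitive first (assumed patterns, tune for your data).
MARKERS = [
    ("private-key", re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("ssh-pubkey", re.compile(rb"ssh-(rsa|ed25519) AAAA")),
    ("path", re.compile(rb"(/[\w.-]+){3,}")),
    ("source-code", re.compile(rb"\b(def|import|class) \w+")),
]


def printable_runs(data, min_len=MIN_LEN):
    """Yield (offset, run) for each printable ASCII run, like strings -t d."""
    pattern = re.compile(rb"[\x20-\x7e\t]{%d,}" % min_len)
    for match in pattern.finditer(data):
        yield match.start(), match.group()


def audit(data):
    """Return [(offset, label, text)] for every run; unlabelled runs get 'text'."""
    findings = []
    for offset, run in printable_runs(data):
        label = next((name for name, rx in MARKERS if rx.search(run)), "text")
        findings.append((offset, label, run.decode("ascii")))
    return findings


def constructed_sample():
    """Constructed 2 KiB buffer standing in for a dump with stale block tails."""
    buf = bytearray(2048)
    for offset, blob in [
        (0, b"XFSB"),                                # short magic: below MIN_LEN
        (612, b"def checkout_repo(path):"),          # leftover Python fragment
        (1064, b"-----BEGIN RSA PRIVATE KEY-----"),  # leftover key header
        (1500, b"/srv/hg/main/.hg/store"),           # leftover directory entry text
    ]:
        buf[offset:offset + len(blob)] = blob
    return bytes(buf)


if __name__ == "__main__":
    for offset, label, text in audit(constructed_sample()):
        print(f"{offset:#010x}  {label:<12} {text}")
```

For a real dump, pass the file's bytes to audit(); for large dumps an mmap of the file works with the same regexes.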