From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.33)
	id 1CERMm-0006UK-C3
	for qemu-devel@nongnu.org; Mon, 04 Oct 2004 07:50:56 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.33)
	id 1CERMl-0006U0-VC
	for qemu-devel@nongnu.org; Mon, 04 Oct 2004 07:50:56 -0400
Received: from [199.232.76.173] (helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.33) id 1CERMl-0006Tu-Rx
	for qemu-devel@nongnu.org; Mon, 04 Oct 2004 07:50:55 -0400
Received: from [62.241.160.193] (helo=pengo.systems.pipex.net)
	by monty-python.gnu.org with esmtp (Exim 4.34) id 1CERFp-00082q-N9
	for qemu-devel@nongnu.org; Mon, 04 Oct 2004 07:43:47 -0400
From: Paul Brook <paul@codesourcery.com>
Subject: Re: [Qemu-devel] remark about http://www.freeoszoo.org
Date: Mon, 4 Oct 2004 12:43:42 +0100
References: <20041002131621.GA90530@aseed.antenna.nl>
	<cd8ecdef041003235011f39986@mail.gmail.com>
	<20041004112907.GB18436@xi.wantstofly.org>
In-Reply-To: <20041004112907.GB18436@xi.wantstofly.org>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200410041243.42601.paul@codesourcery.com>
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

On Monday 04 October 2004 12:29, Lennert Buytenhek wrote:
> On Mon, Oct 04, 2004 at 02:50:31AM -0400, Karl Magdsick wrote:
> > Free OS Zoo suggests using dd with the seek= option in the _specific_
> > case of Linux, which appears to be safe.  My comment was explicitly a
> > note of caution in the _general_ case.
>
> Yep.  As well as:
>
>  "[...] the image will likely contain parts of deleted files from
>  the host OS."
>
> Just curious, do you have an example of any such system where this
> would be the case?  I don't know of any system that doesn't support
> sparse files and doesn't pad out the file with zeroes if you
> truncate(2) it to be bigger.

I'm fairly sure any half-sane OS will zero the "sparse" bits of a file on 
allocation. IIRC even Windows NT does zero the sparse bits of a file.
Failure to do so would be a rather large security hole, effectively allowing 
unprivileged users to read privileged data.

IMHO the original post is unjustified paranoia, rather than reasonable 
caution.

Paul