Re: Your backup is unsafe!

Robert de Bath (rd103978@home-box.demon.co.uk)
Sun, 1 Aug 1999 14:09:22 +0100 (BST)

On Sun, 1 Aug 1999, Alexander Viro wrote:
> On Sun, 1 Aug 1999, Khimenko Victor wrote:
>
> > You can run dosemu or you can write something like doslfnbk for Linux :-)
> > At your choice. No kernel modifications are needed...
>
> Especially since required ioctls are there. Idea about hardlinks is
> braindead - sorry, but we *can't* allow multiple dentries for a directory
> with our VFS. Anyone who does it has (and acknowledges) severe races
> around the thing and carefully restricts it to root. And yes, I consider
> write access to AFFS as security breach (it allows hardlinks to
> directories) - I can crash the box in a couple of minutes once I've got
> such access. With a little more work - make it execute my code in ring 0.
> Again, *normal* *user* *can* *cause* *stack* *smashing* *in* *kernel*
> *mode* once he has an ability to hardlink directories. Sorry, but such
> things should not be allowed. At all.

Ok, (as I'd forgot to mention) links are a _really_ bad idea. Even so I
didn't realise quite how bad they were!

Apperently the VFAT needs some more cleaning, I imagine when perfect the
short names will have no effect what so ever if the filesystem is mounted
as a VFAT partiton, the only way you'll be able to do anything with them
is with the SAMBA ioctls.

On Sun, 1 Aug 1999, Khimenko Victor wrote:

> On Sun, 1 Aug 1999, Riley Williams wrote:
> > ... why one should be forced
> > to run something like dosemu just for that one task, especially when
> > one can back up everything but the vfat partitions without doing so.
> >
> Since noone fixed tar so far :-) That's all. All needed ioctl's are in
> place. I'm happy with dosemu solution and if you are not then you can fix
> tar...

The problem with linuxlfnbk (or rather I imagine it'd be a shortname backup)
is how do you restore the data ? There's no way to control the short name
VFAT uses is there ?

The DOSEMU method looks good, but after running the doslfnbk you have to
remount the partiton as an MSDOS one to backup using the short names;
awkward. Then how do you restore? I'd not be suprised if you have to boot
DOS to put the LFN's back.

Altering tar is not a solution, you then have to do cpio, afio, bru, mobu
as well as yobu and fdtsobu.

My suggestion with the severly mangled filenames would work with any program
but still has the problem that the filesystem needs remounting in a special
"backup mode".

Ok, possibility (1)
Have a "backup mode" for processes, any process in this mode will
see and be able to control both long an short names as one.
I don't know what the best way of doing it would be:
the process has a particular user or group id specified at mount?
some sort of user level LD_PRELOAD'd library?
a bit in the process table set by system call ?

The filenames returned/used should only differ from the long names if
the short filename is not the same as the short name you'd get creating
the file in an empty directory.

Possibility (2)
SFN_backup and Restore for linux.

This needs a "set_dosfn(lfn, sfn)" ioctl/call in the kernel.
There is a possibility of syncronization problems between the get_sfn and
the actual backup of the file (possibly hours later).

It still leaves the door open for a modified version of tar/cpio/etc or
a LD_PRELOADED library.

Possibility (3)
Ignore it, it's a windows problem :-) :-)

(Scheesh! All these hoops just for gui-dos! :-) )

PS: fdtsobu == "Fred down the street's own backup utility" !!

-- 
Rob.                          (Robert de Bath <http://poboxes.com/rdebath>)
                    <rdebath @ poboxes.com> <http://www.cix.co.uk/~mayday>






-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/