Re: Ext4 data structures integrity

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Sep 29, 2011 at 4:55 PM, Ted Ts'o <tytso@xxxxxxx> wrote:
> On Thu, Sep 29, 2011 at 04:33:52PM +0300, Kasatkin, Dmitry wrote:
>> >>
>> >> There is work currently being done to add checksums for detecting filesystem corruption (see list archive). However, if the attacker can binary edit the underlying disk device then they can also edit the checksums (crc32c) at the same time.
>> >>
>> >> The only secure way to handle this would be a crypto checksum with a secret key.
>> >
>>
>> Can you please give me some links to it????
>
> Darrick Wong has been sending patches to the linux-ext4 mailing for
> review to use crc32c to protect various parts of the file system
> metadata.
>
> There has been no work to the "crypto checksum with a secret key" bit;
> the hard part is where you would securely store the secret key so that
> only a trusted kernel has access to it.
>
>                                      - Ted
>

Hello again,

Running fsck on modified file system image with multiply-claimed block
gives such output
---------------------------------------
fsck 1.41.9 (22-Aug-2009)
e2fsck 1.41.9 (22-Aug-2009)
Pass 1: Checking inodes, blocks, and sizes

Running additional passes to resolve blocks claimed by more than one inode...
Pass 1B: Rescanning for multiply-claimed blocks
Multiply-claimed block(s) in inode 12: 1326
Multiply-claimed block(s) in inode 13: 1326
Pass 1C: Scanning directories for inodes with multiply-claimed blocks
Pass 1D: Reconciling multiply-claimed blocks
(There are 2 inodes containing multiply-claimed blocks.)

File /foo.hack (inode #12, mod time Fri Oct  7 11:27:03 2011)
  has 1 multiply-claimed block(s), shared with 1 file(s):
        /foo (inode #13, mod time Fri Oct  7 10:41:38 2011)
Clone multiply-claimed blocks<y>?
----------------------------

For large file system to run fsck takes a while..
One of the solution to decrease checking time is just to check only
for multiply-claimed blocks...
Could you please tell how many times faster it will be comparing just
to running fsck as it is...

Thanks,

Dmitry
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux