On Wed, 15 Apr 2015, John Andre Taule wrote:
The guy that did this to us got 3 months jail. His argument was that we should have failed the system manually (removed the disk that he targeted with "dd"), and the raid should have magically fixed itself. Anyone think this would have worked? It was 5 hours of heavy write and deletes to the file system (ext4) and all that time the dd command where running.
Not a chance, after 5 hours dd basically had overwritten 1/3 of the data spread out across a large portion of the volume. We're talking massive file and filesystem corruption.
I don't know enough about zfs, but I am under the impression that zfs perhaps could have detected the bad information (because checksum would no longer match on those blocks) if you would have had native zfs to create the raid5. I don't have personal experience with zfs though, someone else might be able to answer that part.
It's really hard to protect against this kind of intentional sabotage. Even if you would have run zfs instead, he could have just dd:ed to the actual raid volume instead.
-- To unsubscribe from this list: send the line "unsubscribe linux-raid" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
