| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 30 May 2011 17:09:38 -0700 From: Andrew Farmer <andfarm@...il.com> To: coderman <coderman@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: File system recursion and symlinks: A never-ending story (and how to bring it to an end for me) On 2011-05-30, at 16:27, coderman wrote: > On Mon, May 30, 2011 at 6:56 AM, halfdog <me@...fdog.net> wrote: >> >> It seems that quite a few backup applications are (or were) vulnerable >> to special combined symlink/timing attacks on pathname components before >> the last one (so O_NOFOLLOW does not help). >> ... >> Please let me know, if ... you >> have good reason, that the kernel interface is not the point, where this >> issue could be addressed most efficiently. > > use lvm snapshots for backups, either directly at volume level or > mounting a read-only snapshot and running backup over that static > filesystem state. LVM snapshots have some nasty gotchas, though: https://bugs.launchpad.net/lvm2/+bug/360237 They also don't solve the problem of restoring a fragment of data (e.g, a single accidentally deleted file) from a backup in an untrustworthy environment. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists