Open Source and information security mailing list archives
Date:	Wed, 12 Mar 2008 16:02:36 -0400
From:	Theodore Tso <tytso@....edu>
To:	Matthias Koenig <mkoenig@...e.de>
Cc:	Dave Kleikamp <shaggy@...ux.vnet.ibm.com>, ludwig.nussel@...e.de,
	linux-ext4@...r.kernel.org
Subject: Re: [PATCH] [RFC] New fsck option to ignore device-mapper crypto
	devices

On Wed, Mar 12, 2008 at 04:59:03PM +0100, Matthias Koenig wrote:
> 1. Do we agree that fstab fs_passno could be used besides fsck -A by a 
>    separate script to decide if a filesystem (that could not be checked 
>    in the fsck -A phase) should be checked?

Well, historically there have been /etc/fstab entries which look like
this:

/dev/zipdrive       /media/zipdisk   ext3 default,noauto 0 0

This is because there might not be a zip disk in the drive at the time
of the boot.  However, a root user could insert a zip disk, and then
run the command "fsck /dev/zipdrive" and expect it to work, and then
follow that up with "mount /dev/zipdrive".

So passno == 0 can't mean "don't mount the filesystem, ever".  All it
means is "don't mount it at boot".  So I don't think trying to kludge
new fields into fs_passno is the way to go.

------------

So here's another way you could do things that doesn't require any
patches to fsck at all.  Just add "comment=crypto" into the option
field of /etc/fstab, like this.  

/dev/mapper/crypto-frobnitz /crypto1           ext3    comment=crypto  1 1

Then you can skip filesystems that have the comment=crypto in the
options field via:

     fsck -AR -t opts=!comment=crypto

To check all of the filesystems that have the comment=crypto field
via:

     fsck -AR -t opts=comment=crypto

Why did I use "comment=crypto"?  Because if you use "crypto", then
mount will try to pass crypto to the kernel, and if the kernel doesn't
understand an option, it will reject the mount.  Mount doesn't send
"comment" mount options to the kernel, so this works.

Of course, you'll need to modify mount to be able to only mount all
crypto filesystems, or not to mount any crypto filesystems, so you
could change it to understand that "crypto" is not to be passed down
to the kernel, at which point you could just have this in /etc/fstab:

/dev/mapper/crypto-frobnitz /crypto1           ext3    crypto  1 1

And then the fsck invocations would become:

     fsck -AR -t opts=!crypto

and

     fsck -AR -t opts=crypto

Which of course looks much nicer.

I put in the "-t opts=" matching a long time ago (as in 10+ years
ago), because someone had wanted to do something strange like this.  I
had completely forgotten about it until now....

							- Ted
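
The selection described in the message above, as an added example that is not part of the original mail and not fsck's own code: a dry-run preview of which fstab entries the "opts=comment=crypto" and "opts=!comment=crypto" passes would pick. It assumes an option matches only as a whole comma-separated token, that pass-number 0 entries and the root filesystem are skipped as with -A and -R, and the function names and sample fstab (including /dev/sda1 and /dev/sda2) are constructed for illustration.

```shell
#!/bin/sh
# Added example: preview option-based fstab selection without running fsck.
# Assumption: an option matches only as a whole comma-separated token.

# write_sample FILE: constructed fstab modelled on the entries in the message.
write_sample() {
    cat > "$1" <<'EOF'
# device                     mountpoint      type options          dump pass
/dev/sda1                    /               ext3 defaults         1 1
/dev/sda2                    /home           ext3 defaults         1 2
/dev/mapper/crypto-frobnitz  /crypto1        ext3 comment=crypto   1 1
/dev/zipdrive                /media/zipdisk  ext3 defaults,noauto  0 0
EOF
}

# select_by_opt FSTAB OPT    -> devices whose options field contains OPT
# select_by_opt FSTAB '!OPT' -> devices whose options field lacks OPT
select_by_opt() {
    awk -v want="$2" '
        BEGIN {
            neg = (substr(want, 1, 1) == "!")
            if (neg) want = substr(want, 2)
        }
        /^[ \t]*#/ || NF < 6 { next }  # comments; a missing pass field means 0
        $6 == 0   { next }             # pass 0: not checked in an -A run
        $2 == "/" { next }             # root is skipped, as with -R
        {
            n = split($4, opts, ","); hit = 0
            for (i = 1; i <= n; i++) if (opts[i] == want) hit = 1
            if (hit != neg) print $1
        }
    ' "$1"
}

# Demo on the constructed sample.
tmp=$(mktemp)
write_sample "$tmp"
echo "crypto pass would check: $(select_by_opt "$tmp" 'comment=crypto')"
echo "normal pass would check: $(select_by_opt "$tmp" '!comment=crypto')"
rm -f "$tmp"
```

Comparing both lists against the full fstab before changing the boot scripts shows whether any filesystem falls into neither pass and would go unchecked.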