Open Source and information security mailing list archives
 
Date:   Tue, 9 Mar 2021 01:37:29 -0700
From:   Andreas Dilger <adilger@...ger.ca>
To:     Theodore Ts'o <tytso@....edu>
Cc:     George Goffe <grgoffe@...il.com>, linux-ext4@...r.kernel.org
Subject: Re: Scrubbing filenames from meta-data dump of ext4 filesystems

On Mar 8, 2021, at 2:40 PM, Theodore Ts'o <tytso@....edu> wrote:
> 
> On Mon, Mar 08, 2021 at 12:01:46PM -0800, George Goffe wrote:
>> Howdy,
>> 
>> I'm helping to shoot a bug on a Fedora Core 35 system and have been
>> requested to provide a meta-data dump of the problem filesystem. The
>> filenames are restricted so I need to scrub this file  before sending
>> it.
>> 
>> Does ext4 have a facility whereby I can scrub the filenames from the dump?
> 
> Yes, please see the following excerpt from the e2image man page:
> 
>    This will only send the metadata information, without any data
>    blocks.  However, the filenames in the directory blocks can still
>    reveal information about the contents of the filesystem that the
>    bug reporter may wish to keep confidential.  To address this
>    concern, the -s option can be specified.  This will cause e2image
>    to scramble directory entries and zero out any unused portions of
>    the directory blocks before writing the image file.  However, the
>    -s option will prevent analysis of problems related to hash-tree
>    indexed directories.

I had actually looked for this option in the e2image man page in order
to reply to this email, but I couldn't find it and wondered if I had
mis-remembered the existence of this functionality.

I've pushed a patch that reorganizes the e2image man page to list all
of the options explicitly in a separate OPTIONS section, rather than
putting them inline in the text, which makes it hard to find them.

Cheers, Andreas

> The -s option can be used with the -r and -Q options to e2image, for
> creating raw and qcow2 image dumps, respectively.  Because the
> filenames have been scrambled, this will invalidate the hash-tree
> indexes for the directory, so e2fsck will complain about this.  But
> for some kinds of corruption, the -s option can provide data when the
> customer would otherwise not be willing to provide a metadata-only
> dump of the file system.
> 
> Hope this helps,
> 
> 				- Ted


Cheers, Andreas
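
Added example, not part of the original thread and not e2fsprogs code: a small pre-send check for the workflow discussed above, which writes a raw dump with `e2image -rs` and then searches the image for names the reporter knows are restricted. The device path, output path and the one-name-per-line list file are assumptions; a clean result only means none of the listed names were found as literal byte strings.

```sh
#!/bin/sh
# Added example. Device, paths and the name list are assumptions.

# Write a raw (-r) metadata-only image with directory entries scrambled (-s).
# Needs read access to the block device, normally root.
make_scrubbed_dump() {
    e2image -rs "$1" "$2"
}

# Print each name from NAMES_FILE (one per line) that still occurs as a
# byte string in IMAGE. Returns 0 when nothing was found, 1 otherwise.
# Names shorter than 4 bytes are skipped: they match by chance too often.
find_leaked_names() {
    image=$1
    names=$2
    leaked=0
    while IFS= read -r name; do
        [ "${#name}" -ge 4 ] || continue
        if LC_ALL=C grep -a -q -F -e "$name" "$image"; then
            printf '%s\n' "$name"
            leaked=1
        fi
    done < "$names"
    return "$leaked"
}

# Typical use (hypothetical device and file names):
#   make_scrubbed_dump /dev/sdXN /tmp/fs.e2i
#   find_leaked_names /tmp/fs.e2i /tmp/restricted-names.txt && echo "no known names found"
```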





