lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 10 Mar 2021 09:11:06 -0800
From:   George Goffe <grgoffe@...il.com>
To:     Andreas Dilger <adilger@...ger.ca>
Cc:     "Theodore Ts'o" <tytso@....edu>, linux-ext4@...r.kernel.org
Subject: Re: Scrubbing filenames from meta-data dump of ext4 filesystems

Andreas,

Thank you for all your help!

Best regards,

George...

On Tue, Mar 9, 2021 at 12:37 AM Andreas Dilger <adilger@...ger.ca> wrote:
>
> On Mar 8, 2021, at 2:40 PM, Theodore Ts'o <tytso@....edu> wrote:
> >
> > On Mon, Mar 08, 2021 at 12:01:46PM -0800, George Goffe wrote:
> >> Howdy,
> >>
> >> I'm helping to shoot a bug on a Fedora Core 35 system and have been
> >> requested to provide a meta-data dump of the problem filesystem. The
> >> filenames are restricted so I need to scrub this file  before sending
> >> it.
> >>
> >> Does ext4 have a facility whereby I can scrub the filenames from the dump?
> >
> > Yes, please see the following excerpt from the e2image man page:
> >
> >    This will only send the metadata information, without any data
> >    blocks.  However, the filenames in the directory blocks can still
> >    reveal information about the contents of the filesystem that the
> >    bug reporter may wish to keep confidential.  To address this
> >    concern, the -s option can be specified.  This will cause e2image
> >    to scramble directory entries and zero out any unused portions of
> >    the directory blocks before writing the image file.  However, the
> >    -s option will prevent analysis of problems related to hash-tree
> >    indexed directories.
>
> I had actually looked for this option in the e2image man page in order
> to reply to this email, but I couldn't find it and wondered if I had
> mis-remembered the existence of this functionality.
>
> I've pushed a patch that reorganizes the e2image man page to list all
> of the options explicitly in a separate OPTIONS section, rather than
> putting them inline in the text, which makes it hard to find them.
>
> Cheers, Andreas
>
> > The -s option can be used with the -r and -Q options to e2image, for
> > creating raw and qcow2 image dumps, respectively.  Because the
> > filenames have been scrambled, this will invalidate the hash-tree
> > indexes for the directory, so e2fsck will complain about this.  But
> > for some kinds of corruption, the -s option can provide data when the
> > customer would otherwise not be willing to provide a metadata-only
> > dump of the file system.
> >
> > Hope this helps,
> >
> >                               - Ted
>
>
> Cheers, Andreas
>
>
>
>
>


-- 
It's not what you know that hurts you, it's what you KNOW that AINT
so. WIll Rodgers

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ