Full Disclosure: Re: File system recursion and symlinks: A never-ending story (and how to bring it to an end for me)

Re: File system recursion and symlinks: A never-ending story (and how to bring it to an end for me)

From: Andrew Farmer <andfarm () gmail com>
Date: Mon, 30 May 2011 17:09:38 -0700

On 2011-05-30, at 16:27, coderman wrote:

On Mon, May 30, 2011 at 6:56 AM, halfdog <me () halfdog net> wrote:


It seems that quite a few backup applications are (or were) vulnerable
to special combined symlink/timing attacks on pathname components before
the last one (so O_NOFOLLOW does not help).
...
Please let me know, if ... you
have good reason, that the kernel interface is not the point, where this
issue could be addressed most efficiently.


use lvm snapshots for backups, either directly at volume level or
mounting a read-only snapshot and running backup over that static
filesystem state.


LVM snapshots have some nasty gotchas, though:

https://bugs.launchpad.net/lvm2/+bug/360237

They also don't solve the problem of restoring a fragment of data (e.g, a single accidentally deleted file) from a 
backup in an untrustworthy environment.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

File system recursion and symlinks: A never-ending story (and how to bring it to an end for me) halfdog (May 30)
- Re: File system recursion and symlinks: A never-ending story (and how to bring it to an end for me) coderman (May 30)
  - Re: File system recursion and symlinks: A never-ending story (and how to bring it to an end for me) Andrew Farmer (May 31)
    - Re: File system recursion and symlinks: A never-ending story (and how to bring it to an end for me) coderman (May 31)
    - Re: File system recursion and symlinks: A never-ending story (and how to bring it to an end for me) coderman (May 31)
    - [Security Tool] INSECT Pro 2.6.1 is here Juan Sacco (May 31)
    - Re: [Security Tool] INSECT Pro 2.6.1 is here Jeff Blaum (May 31)
    - Re: [Security Tool] INSECT Pro 2.6.1 is here Peter Osterberg (May 31)
    - Re: [Security Tool] INSECT Pro 2.6.1 is here ichib0d crane (May 31)
    - Re: File system recursion and symlinks: A never-ending story (and how to bring it to an end for me) Valdis . Kletnieks (May 31)
    - Message not available
    - Message not available
    - Message not available
    - Message not available
    - Message not available
    - Re: File system recursion and symlinks: A never-ending story (and how to bring it to an end for me) halfdog (May 31)
    - Message not available
    - Message not available
    - Message not available
    - Message not available
    - Re: File system recursion and symlinks: A never-ending story (and how to bring it to an end for me) halfdog (May 31)
    - Re: File system recursion and symlinks: A never-ending story (and how to bring it to an end for me) coderman (May 31)