Full Disclosure mailing list archives
Re: File system recursion and symlinks: A never-ending story (and how to bring it to an end for me)
From: Andrew Farmer <andfarm () gmail com>
Date: Mon, 30 May 2011 17:09:38 -0700
On 2011-05-30, at 16:27, coderman wrote:
> On Mon, May 30, 2011 at 6:56 AM, halfdog <me () halfdog net> wrote:
>> It seems that quite a few backup applications are (or were) vulnerable to special combined symlink/timing attacks on pathname components before the last one (so O_NOFOLLOW does not help).
>> ...
>> Please let me know, if ... you have good reason, that the kernel interface is not the point, where this issue could be addressed most efficiently.
>
> use lvm snapshots for backups, either directly at volume level or mounting a read-only snapshot and running backup over that static filesystem state.
LVM snapshots have some nasty gotchas, though:

https://bugs.launchpad.net/lvm2/+bug/360237

They also don't solve the problem of restoring a fragment of data (e.g., a single accidentally deleted file) from a backup in an untrustworthy environment.
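The quoted point that O_NOFOLLOW only guards the last pathname component, shown on a constructed directory tree together with a per-component walk that a backup or restore tool can use instead. This is an added example, not code from the thread; `open_beneath`, `read_fd`, `demo` and the file names are hypothetical.

```python
import os
import tempfile

DIR_FLAGS = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW

def open_beneath(root_fd, relpath, flags=os.O_RDONLY):
    """Open relpath below root_fd, refusing a symlink in any component."""
    parts = [p for p in relpath.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise ValueError("need a non-empty path without '..'")
    dir_fd = os.dup(root_fd)
    try:
        for name in parts[:-1]:
            # One name per open(): O_NOFOLLOW now covers this component, and
            # the fd pins the directory even if the name is replaced later.
            nxt = os.open(name, DIR_FLAGS, dir_fd=dir_fd)
            os.close(dir_fd)
            dir_fd = nxt
        return os.open(parts[-1], flags | os.O_NOFOLLOW, dir_fd=dir_fd)
    finally:
        os.close(dir_fd)

def read_fd(fd):
    with os.fdopen(fd) as fh:
        return fh.read()

def demo():
    # Constructed tree: root/link is a symlink to a directory outside root.
    with tempfile.TemporaryDirectory() as tmp:
        root, outside = os.path.join(tmp, "root"), os.path.join(tmp, "outside")
        os.makedirs(os.path.join(root, "data"))
        os.mkdir(outside)
        for d, text in ((outside, "secret"), (os.path.join(root, "data"), "ok")):
            with open(os.path.join(d, "f.txt"), "w") as fh:
                fh.write(text)
        os.symlink(outside, os.path.join(root, "link"))
        # Whole-path open: the symlink in the middle is followed anyway.
        path = os.path.join(root, "link", "f.txt")
        naive = read_fd(os.open(path, os.O_RDONLY | os.O_NOFOLLOW))
        root_fd = os.open(root, DIR_FLAGS)
        try:
            good = read_fd(open_beneath(root_fd, "data/f.txt"))
            blocked = False
            try:
                os.close(open_beneath(root_fd, "link/f.txt"))
            except OSError:
                blocked = True
        finally:
            os.close(root_fd)
        return naive, good, blocked
```

`demo()` returns what the whole-path open read through the symlink, what the per-component walk read from the real subdirectory, and whether the walk refused the symlinked component.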