Re: encrypted filesystems

From: Daryll Hofmen (daryll[REMOVE+ME)
Date: 03/17/02


From: "Daryll Hofmen" <daryll[REMOVE+ME]@myrealbox.com>
Date: Sun, 17 Mar 2002 15:29:21 GMT

Ah, so that is why it wasn't working. Unfortunately, I have never coded C
or C++ in Linux. I am sort of familiar with the language, but I don't know
how any of the libraries work. So just that short little snippet
accomplishes what the losetup binary does? Neato.

Kasper Dupont <kasperd@daimi.au.dk> wrote in message
news:3C946CEC.1660E787@daimi.au.dk...
> Daryll Hofmen wrote:
> >
> > Yes, changing the access rights to it, I knew about adding it to the fstab,
> > but I couldn't get users to access the loop device. I actually tried
> > changing the owner of the loop device but it didn't work at all then.
>
> That might depend on the version of losetup being used.
> The version on my system insists on locking itself
> into memory which is only allowed to root. If device is
> encrypted that will protect the password, but for
> unencrypted devices the locking should not be necessary.
>
> I actually made my own version of losetup for a completely
> different reason. The original version of losetup only
> supported read/write access. I once in a while wanted to
> attach a file to which I had only read access.
>
> Here is my stripped down losetup:
>
> #include <stdio.h>
> #include <stdlib.h>   /* exit() */
> #include <string.h>   /* memset(), strcpy() */
> #include <unistd.h>
> #include <fcntl.h>
> #include <sys/ioctl.h>
> #include <linux/loop.h>
>
> /* Open for writing if possible, otherwise fall back to read-only. */
> int open2(char *name)
> {
>     int fd;
>     fd=open(name,O_WRONLY);
>     if (fd!=-1) return fd;
>     fd=open(name,O_RDONLY);
>     if (fd!=-1) return fd;
>     perror(name);
>     return -1;
> }
>
> int main(int argc, char ** argv)
> {
>     int lfd,ffd;
>     struct loop_info info;
>
>     if (argc!=3) {
>         printf("usage: %s <device> <file>\n",argv[0]);
>         exit(1);
>     }
>
>     /* lfd is the loop device, ffd is the backing file. */
>     lfd=open2(argv[1]);
>     ffd=open2(argv[2]);
>     if ((lfd==-1)||(ffd==-1)) exit(1);
>
>     /* All-zero loop_info: no encryption, offset 0, empty name. */
>     memset(&info,0,sizeof(info));
>
>     /* Attach the backing file to the loop device. */
>     if (ioctl(lfd,LOOP_SET_FD,ffd)) {
>         perror("LOOP_SET_FD");
>         exit(1);
>     }
>
>     /*
>     info.lo_encrypt_key_size=0;
>     info.lo_encrypt_type=LO_CRYPT_NONE;
>     info.lo_offset=0;
>     strcpy(info.lo_name,"TEST");
>     */
>
>     if (ioctl(lfd,LOOP_SET_STATUS,&info)) {
>         perror("LOOP_SET_STATUS");
>         exit(1);
>     }
>
>     return 0;
> }
>
> AFAIR on some kernel versions this actually was able to
> bypass read protection on files where I had only write
> access.
>
> >
> > Another thing I tried was making a bash script and setting the SUID bit in
> > it. For some reason though, I still couldn't access the losetup or mount
> > from a user account. I have never used the SUID bit before so I don't know
> > how it works. Any comment on that?
>
> The SUID bit cannot be used on scripts. Write a C
> program then you can use the SUID bit. It takes a lot
> of care to write SUID programs without security holes.
>
> >
> > And about the loopback over NFS, any recent documentation relating to the
> > subject
>
> I don't know. Perhaps somebody else knows?
>
> --
> Kasper Dupont -- who spends too much time on usenet.
> For sending spam use mailto:razor-report@daimi.au.dk
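
The care a set-uid helper needs, and the write-only read bypass mentioned in the thread, both come down to how the backing file is opened. The following is an added example, not code from either poster: a hypothetical function `open_backing_as_caller` that opens the backing file with the invoking user's own rights, never write-only, before the descriptor would be passed to `LOOP_SET_FD`. It assumes the helper is set-uid root only (not set-gid).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper for a set-uid-root loop attach tool.
 * Returns an fd opened with the caller's own rights, or -1.
 * *read_only is set to 1 when only read access was granted.
 * Assumption: set-uid only, so group ids are already the caller's. */
int open_backing_as_caller(const char *path, int *read_only)
{
    uid_t saved = geteuid();
    struct stat st;
    int fd, err;

    /* Let the kernel do the permission check as the real user, not root. */
    if (seteuid(getuid()) != 0)
        return -1;

    /* O_RDWR or O_RDONLY only, never O_WRONLY: the caller must hold read
     * permission before the data is exposed through the loop device. */
    *read_only = 0;
    fd = open(path, O_RDWR | O_NOFOLLOW | O_CLOEXEC | O_NONBLOCK);
    if (fd == -1 && (errno == EACCES || errno == EROFS)) {
        *read_only = 1;
        fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC | O_NONBLOCK);
    }
    err = errno;

    /* Regain privilege for the later ioctl step; fail closed if we cannot. */
    if (seteuid(saved) != 0) {
        if (fd != -1) close(fd);
        return -1;
    }
    if (fd == -1) {
        errno = err;
        return -1;
    }

    /* Validate the object actually opened, not the path (avoids a race). */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}
```

When `*read_only` comes back as 1, the loop device should be opened read-only as well, so the attachment cannot be used to write to a file the caller can only read.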