ZFS and block deduplication

Edward Ned Harvey blu-Z8efaSeK1ezqlBn2x/YWAg at public.gmane.org
Wed Apr 27 09:50:09 EDT 2011


> From: Tom Metro [mailto:tmetro-blu-5a1Jt6qxUNc at public.gmane.org]
> 
> I think the attack vector would be along the lines of an attacker
> identifying one or more blocks of a privileged executable, creating
> replacement blocks that have both malicious code and cause a hash
> collision. They write the blocks to disk, and after the executable
> restarts, they have control.

Yup, interesting.
It would be pretty difficult, however, because (a) identifying such an
exploitable collision is so difficult, and (b) whichever data got written to
disk first would be the copy that "wins."  Meaning - The attacker could not
look at an existing filesystem and then try to corrupt something that
already exists.  They would have to predict that an admin is going to
install something, find the corrupted version of something, get the
corrupted version onto disk first, and then get the admin to create what
they think is a non-corrupted thing.

Difficult, but certainly not impossible if verification is disabled.
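The "first copy wins" behaviour and the effect of verification, as an added example that is not part of the original post and is not ZFS code. It is a toy dedup table; the class and function names are hypothetical, and the checksum is deliberately truncated to one byte (an assumption made only so that a colliding block can be found instantly).

```python
import hashlib

def weak_checksum(block: bytes) -> bytes:
    # Assumption for the demo: SHA-256 truncated to 1 byte so that a
    # collision is trivial to find. A real dedup table keys on the full digest.
    return hashlib.sha256(block).digest()[:1]

class DedupStore:
    """Toy model of a dedup table: checksum -> blocks stored under it."""
    def __init__(self, verify: bool):
        self.verify = verify
        self.table = {}

    def write(self, block: bytes):
        """Store a block and return a reference (checksum, index)."""
        key = weak_checksum(block)
        stored = self.table.setdefault(key, [])
        if stored and not self.verify:
            # Checksum match is trusted: the new data is discarded and the
            # caller is pointed at whatever was written first.
            return (key, 0)
        for i, existing in enumerate(stored):
            if existing == block:          # byte-for-byte comparison
                return (key, i)
        stored.append(block)               # first write, or a collision caught by verify
        return (key, len(stored) - 1)

    def read(self, ref) -> bytes:
        key, i = ref
        return self.table[key][i]

def find_colliding_block(target: bytes) -> bytes:
    """Find a different block with the same weak checksum (constructed data)."""
    want, n = weak_checksum(target), 0
    while True:
        candidate = b"constructed-other-block-%d" % n
        if candidate != target and weak_checksum(candidate) == want:
            return candidate
        n += 1

def admin_reads_own_data(verify: bool, collider_written_first: bool) -> bool:
    """True if the block the admin wrote is the block the admin reads back."""
    legit = b"constructed legitimate block"
    collider = find_colliding_block(legit)
    store = DedupStore(verify)
    order = [collider, legit] if collider_written_first else [legit, collider]
    refs = {blk: store.write(blk) for blk in order}
    return store.read(refs[legit]) == legit
```

Only the combination "verification off, colliding block already on disk" returns False; in ZFS the byte-for-byte comparison corresponds to the `verify` option of the `dedup` property.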




