Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ZFS and block deduplication



Edward Ned Harvey wrote:
> (2) We're assuming the data in question is not being maliciously formed for
> the purposes of causing a hash collision.  I think this is a safe
> assumption, because in the event of a collision, you would have two
> different pieces of data that are assumed to be identical and therefore one
> of them is thrown away...  And personally I can accept the consequence of
> discarding data if someone's intentionally trying to break my filesystem
> maliciously.

I think the attack vector would be along the lines of an attacker
identifying one or more blocks of a privileged executable, creating
replacement blocks that have both malicious code and cause a hash
collision. They write the blocks to disk, and after the executable
restarts, they have control.

Far fetched, but if they can do it, the consequences are more than just
some corrupted or discarded data.

(Doesn't ZFS also employ overall file hashing to insure the integrity of
a file? (Or is that the verification option you referred to?) If so,
then that would likely thwart this attack vector.)

 -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/





BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org