* [Help] How to Replace File Operations in File System?
From: freeman @ 2014-02-13 2:10 UTC
To: kernelnewbies

Hi list,

I am a newbie in Linux kernel programming. Recently I got stuck in a problem when doing practice in file system programming. I hope this list is the right place I can turn to.

I want to replace some file operations of files in a certain directory, so that data can be decrypted/encrypted through read/write system call. So I:

#1: Find the directory inode, save its original inode operation table, then replace the table:

    kern_path(pathname, LOOKUP_FOLLOW, &target_dir_path);
    lower_iops = target_dir_path.dentry->d_inode->i_op;
    target_dir_path.dentry->d_inode->i_op = &my_iops;

#2: In my_iops, I mainly changed ".lookup" function like this to achieve my goal - replace the file operation table of all files in the directory.

    static struct dentry *my_inode_lookup(struct inode *dir, struct dentry *dentry,
                                          struct nameidata *nd)
    {
            struct dentry *ret_dentry;

            ret_dentry = lower_iops->lookup(dir, dentry, nd);
            if (!ret_dentry)
                    goto out;
            ret_dentry->d_inode->i_fop = &my_fops;
    out:
            return ret_dentry;
    }

It turns out that replacement of the inode operation table of the directory is successful but the changes in file operations are not functional: the system works as it used to, totally ignoring my_fops!

I have no idea how to fix it. Can anybody help?
Thanks for your attention!

Regards
Freeman Zhang

* [Help] How to Replace File Operations in File System?
From: Abhijit Chandrakant Pawar @ 2014-02-13 6:44 UTC
To: kernelnewbies

Hi,

On Thursday 13 February 2014 07:40 AM, freeman wrote:
> Hi list,
>
> I am a newbie in Linux kernel programming. Recently I got stuck in a
> problem when doing practice in file system programming. I hope this
> list is the right place I can turn to.
>
> I want to replace some file operations of files in a certain
> directory, so that data can be decrypted/encrypted through read/write
> system call. So I:
>
> #1: Find the directory inode, save its original inode operation
> table, then replace the table:
>
>     kern_path(pathname, LOOKUP_FOLLOW, &target_dir_path);
>     lower_iops = target_dir_path.dentry->d_inode->i_op;
>     target_dir_path.dentry->d_inode->i_op = &my_iops;
>

I assume that you are writing your own stackable filesystem. Take a look at WRAPFS[1] and ecryptfs[2]. As a matter of fact, ecryptfs does what you are expecting.

To do this, you need to set your superblock operations for the lower directory inode so the VFS uses your filesystem instead of the original filesystem. Important steps to look at are:

1. get lower superblock from the lower directory inode
2. assign this superblock as an overlay for your own superblock.
3. Set your own superblock operations for the new superblock
4. get a root inode for your superblock using the lower directory inode
5. While you are getting the inode, you can set the file operations on this inode which will help you achieve your case.

The point to note is that you need to interpose the inodes with VFS so that everything would be routed to your filesystem.

--
Abhijit.

[1] http://wrapfs.filesystems.org/
[2] http://ecryptfs.org/

> #2: In my_iops, I mainly changed ".lookup" function like this to
> achieve my goal - replace the file operation table of all files in
> the directory.
>
>     static struct dentry *my_inode_lookup(struct inode *dir, struct dentry *dentry,
>                                           struct nameidata *nd)
>     {
>             struct dentry *ret_dentry;
>
>             ret_dentry = lower_iops->lookup(dir, dentry, nd);
>             if (!ret_dentry)
>                     goto out;
>             ret_dentry->d_inode->i_fop = &my_fops;
>     out:
>             return ret_dentry;
>     }
>
> It turns out that replacement of the inode operation table of the
> directory is successful but the changes in file operations are not
> functional: the system works as it used to, totally ignoring my_fops!
>
> I have no idea how to fix it. Can anybody help?
> Thanks for your attention!
>
> Regards
> Freeman Zhang

* [Help] How to Replace File Operations in File System?
From: Saket Sinha @ 2014-02-13 6:59 UTC
To: kernelnewbies

For encrypt/decrypt on file operations, a stackable filesystem needs to exist between VFS and the lower filesystem (suppose ext4), and that is what wrapfs and ecryptfs do.

Regards,
Saket Sinha

* [Help] How to Replace File Operations in File System?
From: Rishi Agrawal @ 2014-02-13 11:47 UTC
To: kernelnewbies

Hi,

On Thu, Feb 13, 2014 at 12:14 PM, Abhijit Chandrakant Pawar <abhi.c.pawar@gmail.com> wrote:
> Hi,
>
> On Thursday 13 February 2014 07:40 AM, freeman wrote:
> > Hi list,
> >
> > I am a newbie in Linux kernel programming. Recently I got stuck in a
> > problem when doing practice in file system programming. I hope this
> > list is the right place I can turn to.
> >
> > I want to replace some file operations of files in a certain
> > directory, so that data can be decrypted/encrypted through
> > read/write system call. So I:
> >
> > #1: Find the directory inode, save its original inode operation
> > table, then replace the table:
> >
> >     kern_path(pathname, LOOKUP_FOLLOW, &target_dir_path);
> >     lower_iops = target_dir_path.dentry->d_inode->i_op;
> >     target_dir_path.dentry->d_inode->i_op = &my_iops;
> >
> I assume that you are writing your own stackable filesystem.
> Take a look at WRAPFS[1] and ecryptfs[2]. As a matter of fact, ecryptfs
> does what you are expecting.
>
> To do this, you need to set your superblock operations for the lower
> directory inode so the VFS uses your filesystem instead of the original
> filesystem.
> Important steps to look at are:
> 1. get lower superblock from the lower directory inode
> 2. assign this superblock as an overlay for your own superblock.
> 3. Set your own superblock operations for the new superblock
> 4. get a root inode for your superblock using the lower directory inode
> 5. While you are getting the inode, you can set the file operations on
>    this inode which will help you achieve your case.
>
> The point to note is that you need to interpose the inodes with VFS so
> that everything would be routed to your filesystem.
>
> --
> Abhijit.
> [1] http://wrapfs.filesystems.org/
> [2] http://ecryptfs.org/
>
> > #2: In my_iops, I mainly changed ".lookup" function like this to
> > achieve my goal - replace the file operation table of all files in
> > the directory.
> >
> >     static struct dentry *my_inode_lookup(struct inode *dir, struct dentry *dentry,
> >                                           struct nameidata *nd)
> >     {
> >             struct dentry *ret_dentry;
> >
> >             ret_dentry = lower_iops->lookup(dir, dentry, nd);
> >             if (!ret_dentry)
> >                     goto out;
> >             ret_dentry->d_inode->i_fop = &my_fops;
> >     out:
> >             return ret_dentry;
> >     }
> >
> > It turns out that replacement of the inode operation table of the
> > directory is successful but the changes in file operations are not
> > functional: the system works as it used to, totally ignoring my_fops!
> >
> > I have no idea how to fix it. Can anybody help?
> > Thanks for your attention!
> >
> > Regards
> > Freeman Zhang

Freeman - What you are doing seems to be correct - you may have missed some pointer somewhere.

Which file system are you using? Are you writing a layer on an existing file system or changing the code of a file system?

Try adding some debug messages whenever you change the operations which print the dentry->name of the file; you will get an idea whether the correct file's operations are getting modified.

--
Regards,
Rishi Agrawal

* [Help] How to Replace File Operations in File System?
From: freeman @ 2014-02-13 13:28 UTC
To: kernelnewbies

Hi Rishi,

Thanks for your reply!

I'm sorry that the description of the problem was not clear.

I am writing a module (not a filesystem) to replace some operation pointers of Ext4. Just now, I tried to print the dentry->name as you said. It seems that I'm modifying the right files.

I'm wondering if my idea is bad: I changed operations of a file both in ->create and ->lookup in the inode operations of the directory. And I test the module like this:

    echo hello > hello    (for dir_inode->create and f->write)
    cat hello             (for f->read)

Will the file operations be changed back? Or is what I modified some copies of the real objects because of the complex caching mechanism?

Regards
Freeman Zhang

* [Help] How to Replace File Operations in File System?
From: Rishi Agrawal @ 2014-02-17 8:06 UTC
To: kernelnewbies

Hi

On Thu, Feb 13, 2014 at 6:58 PM, freeman <freeman.zhang1992@gmail.com> wrote:
> Hi Rishi,
>
> Thanks for your reply!
>
> I'm sorry that the description of the problem was not clear.
>
> I am writing a module (not a filesystem) to replace some operation
> pointers of Ext4.
> Just now, I tried to print the dentry->name as you said. It seems
> that I'm modifying the right files.
>
> I'm wondering if my idea is bad:
> I changed operations of a file both in ->create and ->lookup in the
> inode operations of the directory. And I test the module like this:
>
>     echo hello > hello    (for dir_inode->create and f->write)
>     cat hello             (for f->read)
>
> Will the file operations be changed back?
> Or is what I modified some copies of the real objects because of the
> complex caching mechanism?
>
> Regards
> Freeman Zhang

The operations will not change back until your object gets destroyed, whatever be the type of the object.

Caching will not cause any issue here.

Maybe if you can send the code we can have a look at it.

--
Regards,
Rishi Agrawal

* [Help] How to Replace File Operations in File System?
From: freeman @ 2014-02-18 4:34 UTC
To: kernelnewbies

> Hi
>
> The operations will not change back until your object gets destroyed,
> whatever be the type of the object.
>
> Caching will not cause any issue here.
>
> Maybe if you can send the code we can have a look at it.
>
> --
> Regards,
> Rishi Agrawal

Hi Rishi,

It's very nice of you to be willing to help check my code! I'm now very excited - problem solved!

I spent half a day beautifying my code yesterday (so that it won't annoy you that much), and found there is a problem:

Every time there is a read/write system call, I saved the lower file ops and address space ops. In their replacement (upper operations), I invoked the lower ones. There's a possibility that it might save the upper operations as the lower ones if I open them twice in a short time. At this point, the upper operation invokes itself! So I check the operations before truly saving and replacing them and, it works!

Thanks to you and all the amazing people in this amazing list that helped me, now I get both wrapfs and my own non-filesystem module functional for my future work on transparent encryption, and most importantly, I've learned and enjoyed a lot!

Regards
Freeman Zhang

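The failure described in the message above (the already-replaced table gets saved as the "lower" one, so the upper operation calls itself) and the check that fixes it, modelled in user-space C. This is an added example, not code from the thread or from the poster's module; the struct layouts, hook_unguarded(), hook_guarded(), MAX_DEPTH and the sample file content are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* User-space stand-ins for struct inode / struct file_operations. */
struct inode;
struct file_ops {
    int (*read)(struct inode *ino, char *buf, int len);
};
struct inode {
    const struct file_ops *i_fop;
    const char *data;               /* constructed file content */
};

#define MAX_DEPTH     8             /* tripwire so the demo terminates */
#define ERR_SELF_CALL (-1)

/* Saved original table, playing the role of lower_iops in the thread. */
static const struct file_ops *lower_fops;
static int depth;

/* The "real" filesystem read: copy the file content out. */
static int lower_read(struct inode *ino, char *buf, int len)
{
    int n = (int)strlen(ino->data);

    if (n > len)
        n = len;
    memcpy(buf, ino->data, (size_t)n);
    return n;
}

/* The interposed read: pass through to whatever was saved as "lower". */
static int upper_read(struct inode *ino, char *buf, int len)
{
    int ret;

    if (++depth > MAX_DEPTH) {      /* we are calling ourselves */
        depth--;
        return ERR_SELF_CALL;
    }
    ret = lower_fops->read(ino, buf, len);
    depth--;
    return ret;
}

static const struct file_ops lower_table = { .read = lower_read };
static const struct file_ops my_fops     = { .read = upper_read };

/* Broken: a second call saves &my_fops as the lower table. */
static void hook_unguarded(struct inode *ino)
{
    lower_fops = ino->i_fop;
    ino->i_fop = &my_fops;
}

/* Fixed: check before saving and replacing. Returns 1 if it hooked. */
static int hook_guarded(struct inode *ino)
{
    if (ino->i_fop == &my_fops)
        return 0;                   /* already interposed, keep saved table */
    lower_fops = ino->i_fop;
    ino->i_fop = &my_fops;
    return 1;
}

/* Hook the same inode twice (two opens in a row), then read through it. */
static int read_after_double_hook(int guarded, char *buf, int len)
{
    struct inode ino = { .i_fop = &lower_table, .data = "hello\n" };

    lower_fops = NULL;
    depth = 0;
    for (int i = 0; i < 2; i++) {
        if (guarded)
            hook_guarded(&ino);
        else
            hook_unguarded(&ino);
    }
    return ino.i_fop->read(&ino, buf, len);
}

int main(void)
{
    char buf[32];

    printf("unguarded: %d\n", read_after_double_hook(0, buf, (int)sizeof(buf)));
    printf("guarded:   %d\n", read_after_double_hook(1, buf, (int)sizeof(buf)));
    return 0;
}
```

In a kernel module there is no depth tripwire: the unguarded variant recurses until the kernel stack overflows.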
* [Help] How to Replace File Operations in File System?
From: freeman @ 2014-02-20 1:32 UTC
To: kernelnewbies

Hi Rishi,

With pleasure! You can check it on https://github.com/freemandealer/droidcry at your convenience.

2014-02-19 23:17, Rishi Agrawal:
> Good that you solved it yourself, still if you can send me the idea
> on which you are working - I may also learn something.
>
> On Tue, Feb 18, 2014 at 10:04 AM, freeman <freeman.zhang1992@gmail.com> wrote:
> > > Hi
> > >
> > > The operations will not change back until your object gets
> > > destroyed, whatever be the type of the object.
> > >
> > > Caching will not cause any issue here.
> > >
> > > Maybe if you can send the code we can have a look at it.
> > >
> > > --
> > > Regards,
> > > Rishi Agrawal
> > Hi Rishi,
> >
> > It's very nice of you to be willing to help check my code!
> > I'm now very excited - problem solved!
> >
> > I spent half a day beautifying my code yesterday (so that it won't
> > annoy you that much), and found there is a problem:
> >
> > Every time there is a read/write system call, I saved the lower file
> > ops and address space ops. In their replacement (upper operations),
> > I invoked the lower ones. There's a possibility that it might save
> > the upper operations as the lower ones if I open them twice in a
> > short time. At this point, the upper operation invokes itself!
> > So I check the operations before truly saving and replacing them
> > and, it works!
> >
> > Thanks to you and all the amazing people in this amazing list that
> > helped me, now I get both wrapfs and my own non-filesystem module
> > functional for my future work on transparent encryption, and most
> > importantly, I've learned and enjoyed a lot!
> >
> > Regards
> > Freeman Zhang
>
> --
> Regards,
> Rishi Agrawal

Regards
Freeman Zhang

* [Help] How to Replace File Operations in File System?
From: Rishi Agrawal @ 2014-02-20 7:31 UTC
To: kernelnewbies

Hi,

I went through your readme. Some questions.

On Thu, Feb 20, 2014 at 7:02 AM, freeman <freeman.zhang1992@gmail.com> wrote:
> Hi Rishi,
>
> With pleasure!
> You can check it on https://github.com/freemandealer/droidcry
> at your convenience.
>
> 2014-02-19 23:17, Rishi Agrawal:
> > Good that you solved it yourself, still if you can send me the idea
> > on which you are working - I may also learn something.
> >
> > On Tue, Feb 18, 2014 at 10:04 AM, freeman <freeman.zhang1992@gmail.com> wrote:
> > > > Hi
> > > >
> > > > The operations will not change back until your object gets
> > > > destroyed, whatever be the type of the object.
> > > >
> > > > Caching will not cause any issue here.
> > > >
> > > > Maybe if you can send the code we can have a look at it.
> > > >
> > > > --
> > > > Regards,
> > > > Rishi Agrawal
> > > Hi Rishi,
> > >
> > > It's very nice of you to be willing to help check my code!
> > > I'm now very excited - problem solved!
> > >
> > > I spent half a day beautifying my code yesterday (so that it won't
> > > annoy you that much), and found there is a problem:
> > >
> > > Every time there is a read/write system call, I saved the lower
> > > file ops and address space ops. In their replacement (upper
> > > operations), I invoked the lower ones. There's a possibility that
> > > it might save the upper operations as the lower ones if I open
> > > them twice in a short time. At this point, the upper operation
> > > invokes itself!
> > > So I check the operations before truly saving and replacing them
> > > and, it works!
> > >
> > > Thanks to you and all the amazing people in this amazing list that
> > > helped me, now I get both wrapfs and my own non-filesystem module
> > > functional for my future work on transparent encryption, and most
> > > importantly, I've learned and enjoyed a lot!
> > >
> > > Regards
> > > Freeman Zhang
> >
> > --
> > Regards,
> > Rishi Agrawal
>
> Regards
> Freeman Zhang

1. How are you encrypting the files? Is it done by the encryptfs or are you doing it in your module?

2. How can the user selectively encrypt the files in the system?

--
Regards,
Rishi Agrawal

* [Help] How to Replace File Operations in File System?
From: freeman @ 2014-02-20 8:57 UTC
To: kernelnewbies

2014-02-20 15:31, Rishi Agrawal:
> Hi,
>
> I went through your readme. Some questions.
>
> 1. How are you encrypting the files? Is it done by the encryptfs or
> are you doing it in your module?
>
> 2. How can the user selectively encrypt the files in the system?
>
> --
> Regards,
> Rishi Agrawal

Hi Rishi,

Sorry about the fuzziness.

#1 I plan to do the encryption in my module, but encrypting functions aren't added to it yet. As I mentioned in the readme, the module now just simply passes operations through to the original file system.

#2 It seems that the user cannot select a specific file to encrypt inside one directory :-( . However he may specify a directory, then we can encrypt all the files inside it. Namely, the granularity is directory, not file. Besides, subdirectories are not supported at present.

Regards
Freeman

* [Help] How to Replace File Operations in File System?
From: SandeepKsinha @ 2014-02-20 9:10 UTC
To: kernelnewbies

On Thu, Feb 20, 2014 at 2:27 PM, freeman <freeman.zhang1992@gmail.com> wrote:
> 2014-02-20 15:31, Rishi Agrawal:
> > Hi,
> >
> > I went through your readme. Some questions.
> >
> > 1. How are you encrypting the files? Is it done by the encryptfs or
> > are you doing it in your module?
> >
> > 2. How can the user selectively encrypt the files in the system?
> >
> > --
> > Regards,
> > Rishi Agrawal
>
> Hi Rishi,
>
> Sorry about the fuzziness.
>
> #1 I plan to do the encryption in my module, but encrypting
> functions aren't added to it yet. As I mentioned in the readme, the
> module now just simply passes operations through to the original
> file system.
>
> #2 It seems that the user cannot select a specific file to encrypt
> inside one directory :-( . However he may specify a directory, then
> we can encrypt all the files inside it. Namely, the granularity is
> directory, not file. Besides, subdirectories are not supported at
> present.

Why does it even matter - inode vs directory? Is it because you store the encryption metadata in the dirent and not the inode?

> Regards
> Freeman

--
Regards,
Sandeep.

"To learn is to change. Education is a process that changes the learner."

* [Help] How to Replace File Operations in File System?
From: freeman @ 2014-02-20 9:48 UTC
To: kernelnewbies

2014-02-20 17:10, SandeepKsinha:
> On Thu, Feb 20, 2014 at 2:27 PM, freeman <freeman.zhang1992@gmail.com> wrote:
> > 2014-02-20 15:31, Rishi Agrawal:
> > > Hi,
> > >
> > > I went through your readme. Some questions.
> > >
> > > 1. How are you encrypting the files? Is it done by the encryptfs
> > > or are you doing it in your module?
> > >
> > > 2. How can the user selectively encrypt the files in the system?
> > >
> > > --
> > > Regards,
> > > Rishi Agrawal
> > Hi Rishi,
> >
> > Sorry about the fuzziness.
> >
> > #1 I plan to do the encryption in my module, but encrypting
> > functions aren't added to it yet. As I mentioned in the readme, the
> > module now just simply passes operations through to the original
> > file system.
> >
> > #2 It seems that the user cannot select a specific file to encrypt
> > inside one directory :-( . However he may specify a directory, then
> > we can encrypt all the files inside it. Namely, the granularity is
> > directory, not file. Besides, subdirectories are not supported at
> > present.
>
> Why does it even matter - inode vs directory? Is it because you store
> the encryption metadata in the dirent and not the inode?
>
> > Regards
> > Freeman
>
> --
> Regards,
> Sandeep.
>
> "To learn is to change. Education is a process that changes the learner."

Hi Sandeep,

Actually I haven't got that far... However as I planned it, I don't want to involve the user too much - just to keep it simple. I plan to build a safe box, and people throw personal things into it. That's all.

I want to use it with Android devices. Will a complex implementation build a barrier for embedded systems? Any suggestions?

Regards
Freeman Zhang

* [Help] How to Replace File Operations in File System?
From: SandeepKsinha @ 2014-02-20 9:51 UTC
To: kernelnewbies

On Thu, Feb 20, 2014 at 3:18 PM, freeman <freeman.zhang1992@gmail.com> wrote:
> 2014-02-20 17:10, SandeepKsinha:
> > On Thu, Feb 20, 2014 at 2:27 PM, freeman <freeman.zhang1992@gmail.com> wrote:
> > > 2014-02-20 15:31, Rishi Agrawal:
> > > > Hi,
> > > >
> > > > I went through your readme. Some questions.
> > > >
> > > > 1. How are you encrypting the files? Is it done by the encryptfs
> > > > or are you doing it in your module?
> > > >
> > > > 2. How can the user selectively encrypt the files in the system?
> > > >
> > > > --
> > > > Regards,
> > > > Rishi Agrawal
> > >
> > > Hi Rishi,
> > >
> > > Sorry about the fuzziness.
> > >
> > > #1 I plan to do the encryption in my module, but encrypting
> > > functions aren't added to it yet. As I mentioned in the readme,
> > > the module now just simply passes operations through to the
> > > original file system.
> > >
> > > #2 It seems that the user cannot select a specific file to encrypt
> > > inside one directory :-( . However he may specify a directory,
> > > then we can encrypt all the files inside it. Namely, the
> > > granularity is directory, not file. Besides, subdirectories are
> > > not supported at present.
> >
> > Why does it even matter - inode vs directory? Is it because you
> > store the encryption metadata in the dirent and not the inode?
> >
> > > Regards
> > > Freeman
> >
> > --
> > Regards,
> > Sandeep.
> >
> > "To learn is to change. Education is a process that changes the learner."
>
> Hi Sandeep,
>
> Actually I haven't got that far...
> However as I planned it, I don't want to involve the user too much -
> just to keep it simple. I plan to build a safe box, and people throw
> personal things into it. That's all.
> I want to use it with Android devices. Will a complex implementation
> build a barrier for embedded systems?
> Any suggestions?

Not really. Just try to keep the implementation close enough to the use-cases you want to target. Make it user-centric rather than developer-centric.

All the best!

> Regards
> Freeman Zhang

--
Regards,
Sandeep.

"To learn is to change. Education is a process that changes the learner."

* [Help] How to Replace File Operations in File System?
From: Valdis.Kletnieks at vt.edu @ 2014-02-20 15:32 UTC
To: kernelnewbies

On Thu, 20 Feb 2014 17:48:07 +0800, freeman said:
> However as I planed it, I don't want involve the user too much-
> just to keep simple. I plan to build a safe box, and people throw
> personal things into it. That's all.

The first question is - what are you trying to protect against? The answer to that will influence your design.

As Bruce Schneier said in the intro to Applied Cryptography:

    There are two kinds of cryptography in this world: cryptography that will
    stop your kid sister from reading your files, and cryptography that will
    stop major governments from reading your files. This book is about the
    latter.

It's one thing to write a silly kernel module that will rot13 your files. It's totally another to design a complete system that works.

Do you need to worry about a directory being open for access to encrypted files, and another rogue process on the system simply going and reading the files and the crypto doesn't matter? (This is an issue for cryptLUKS, for instance - it defends against somebody stealing a powered-off laptop, but not against processes that get access to a running system. You may wish to think for a bit about what security is provided by a system that is suspended, rather than powered off - particularly in the case of cold-boot attacks....)

Do you need to worry about somebody replacing the binary that prompts the user for the passphrase before loading it into the kernel, with a version that saves the passphrase for later, after the device has been "recovered" via theft or similar? (And yes, this *has* been used before, see 'FBI v Scarfo', where they installed a keylogger to snag a PGP passphrase: https://epic.org/crypto/scarfo.html)

Do you need to worry about other more generic keystroke loggers?

Do you need to worry about the fact that most user passphrases won't have enough entropy to be used directly as crypto keys? If you merely use the passphrase for salting a randomized key (such as the way gpg, ssh, and cryptLUKS use your passphrase), how do you address the problem of insufficient random entropy at key generation time?

That's just the obvious stuff you will need to worry about. :)

* [Help] How to Replace File Operations in File System?
From: Freeman Zhang @ 2014-02-24 1:52 UTC
To: kernelnewbies

Hi,

Sorry about the delayed response. To be frank, I haven't thought over this stuff seriously. I didn't expect too much about the module at first. Now I know I was wrong. I shouldn't get through it rashly - people are watching me! And I believe I can make it with the help and advice I got from all of you. Thank you!

> The first question is - what are you trying to protect against? The
> answer to that will influence your design.
>
> As Bruce Schneier said in the intro to Applied Cryptography:
>
>     There are two kinds of cryptography in this world: cryptography that
>     will stop your kid sister from reading your files, and cryptography
>     that will stop major governments from reading your files. This book
>     is about the latter.
>
> It's one thing to write a silly kernel module that will rot13 your
> files. It's totally another to design a complete system that works.
>
> Do you need to worry about a directory being open for access to encrypted
> files, and another rogue process on the system simply going and reading
> the files and the crypto doesn't matter? (This is an issue for cryptLUKS,
> for instance - it defends against somebody stealing a powered-off laptop,
> but not against processes that get access to a running system. You may wish
> to think for a bit about what security is provided by a system that is
> suspended, rather than powered off - particularly in the case of
> cold-boot attacks....)
>
> Do you need to worry about somebody replacing the binary that prompts
> the user for the passphrase before loading it into the kernel, with a
> version that saves the passphrase for later, after the device has been
> "recovered" via theft or similar? (And yes, this *has* been used before,
> see 'FBI v Scarfo', where they installed a keylogger to snag a PGP
> passphrase: https://epic.org/crypto/scarfo.html)
>
> Do you need to worry about other more generic keystroke loggers?
>
> Do you need to worry about the fact that most user passphrases won't
> have enough entropy to be used directly as crypto keys? If you merely
> use the passphrase for salting a randomized key (such as the way gpg,
> ssh, and cryptLUKS use your passphrase), how do you address the problem
> of insufficient random entropy at key generation time?
>
> That's just the obvious stuff you will need to worry about. :)

Regards
Freeman Zhang

* [Help] How to Replace File Operations in File System?
From: freeman @ 2014-02-13 13:26 UTC
To: kernelnewbies

Hi Abhijit and Saket,

Thank you very much for your reply!

I did some study on eCryptfs before. I think eCryptfs is a "big ideas for small business". Implementation of a totally new filesystem is quite complex for me to imitate and study. So with the elicitation from eCryptfs, I have this idea to design a simplified module (not another filesystem) to do transparent en/decrypting, by replacing some main function pointers.

Thanks to you, now I know there is WRAPFS, which I think is perfectly suitable for my project - short, easy, and highly extendable.

If I still cannot fix this problem, I would like to turn to WRAPFS!

Much thanks!
Freeman Zhang

* [Help] How to Replace File Operations in File System?
From: Valdis.Kletnieks at vt.edu @ 2014-02-14 22:49 UTC
To: kernelnewbies

On Thu, 13 Feb 2014 21:26:43 +0800, freeman said:

> eCryptfs, I have this idea to design a simplified module(not
> another filesystem) to do transparent en/decrypting, by

Doing it transparently is harder than it looks. Key management is a bitch.

(Hint - there's a reason why ecryptfs does it the way it does, rather than the simpler way you're attempting to do it...)
* [Help] How to Replace File Operations in File System?
From: freeman @ 2014-02-17 0:59 UTC
To: kernelnewbies

On 15 Feb 2014, Valdis.Kletnieks at vt.edu said:

> On Thu, 13 Feb 2014 21:26:43 +0800, freeman said:
>
>> eCryptfs, I have this idea to design a simplified module(not
>> another filesystem) to do transparent en/decrypting, by
> Doing it transparently is harder than it looks. Key management is a bitch.
>
> (Hint - there's a reason why ecryptfs does it the way it does, rather than
> the simpler way you're attempting to do it...)

Hi Valdis,

Thanks for your hint! There is no wonder that I got stuck when studying key management of eCryptfs. I think I should pay much more attention to it.

Any idea of how to deal with key management? openPGP file format, multitudinous authentication in eCryptfs really make me give up!

Regards
Freeman
* [Help] How to Replace File Operations in File System?
From: Saket Sinha @ 2014-02-17 2:50 UTC
To: kernelnewbies

Wrapfs is the most basic stackable filesystem in the linux kernel. After this ecryptfs comes which has been developed using the foundation of Wrapfs. The developer is also the same - Erez Zadok from StonyBrook University.

You can contact him for more details.

Regards,
Saket Sinha