* [Help] How to Replace File Operations in File System?
@ 2014-02-13  2:10 freeman
  2014-02-13  6:44 ` Abhijit Chandrakant Pawar
  0 siblings, 1 reply; 19+ messages in thread
From: freeman @ 2014-02-13  2:10 UTC (permalink / raw)
  To: kernelnewbies

Hi list,

I am a newbie in Linux kernel programming. Recently I got stuck on a
problem while practicing file system programming. I hope this list is
the right place I can turn to.

I want to replace some file operations of files in a certain directory,
so that data can be decrypted/encrypted through the read/write system
calls. So I:

#1: Find the directory inode, save its original inode operation table,
then replace the table:

kern_path(pathname, LOOKUP_FOLLOW, &target_dir_path);
lower_iops = target_dir_path.dentry->d_inode->i_op;
target_dir_path.dentry->d_inode->i_op = &my_iops;

#2: In my_iops, I mainly changed the ".lookup" function like this to
achieve my goal: replace the file operation table of all files in the
directory.

static struct dentry *my_inode_lookup(struct inode *dir, struct dentry *dentry,
                                      struct nameidata *nd)
{
        struct dentry *ret_dentry;

        /* Call the original lookup saved from the directory's i_op table. */
        ret_dentry = lower_iops->lookup(dir, dentry, nd);
        if (!ret_dentry)
                goto out;
        /* Point the looked-up file at the replacement file operations. */
        ret_dentry->d_inode->i_fop = &my_fops;
out:
        return ret_dentry;
}

It turns out that the replacement of the inode operation table of the
directory is successful, but the changes in file operations are not
functional: the system works as it used to, totally ignoring my_fops!

I have no idea how to fix it. Can anybody help?
Thanks for your attention!
Regards

Freeman Zhang


* [Help] How to Replace File Operations in File System?
  2014-02-13  2:10 [Help] How to Replace File Operations in File System? freeman
@ 2014-02-13  6:44 ` Abhijit Chandrakant Pawar
  2014-02-13  6:59   ` Saket Sinha
                     ` (2 more replies)
  0 siblings, 3 replies; 19+ messages in thread
From: Abhijit Chandrakant Pawar @ 2014-02-13  6:44 UTC (permalink / raw)
  To: kernelnewbies

Hi,

On Thursday 13 February 2014 07:40 AM, freeman wrote:
> Hi list,
> 
> I am a newbie in linux kernel programming. Recently I got stuck in a
> problem when doing
> practice in file system programming. I hope this list is the right place
> I can turn to.
> 
> I want to replace some file operations of files in a certain
> directory,so that data can be
> decrypted/encrypted through read/write system call. So I:
> 
> #1: Find the directory inode, save its original inode operation
> table,then replace
> the table:
> 
> kern_path(pathname, LOOKUP_FOLLOW, &target_dir_path);
> lower_iops = target_dir_path.dentry->d_inode->i_op;
> target_dir_path.dentry->d_inode->i_op = &my_iops;
> 
I assume that you are writing your own stackable filesystem.
Take a look at WRAPFS[1] and ecryptfs[2]. As a matter of fact, ecryptfs
does what you are expecting.

To do this, you need to set your superblock operations for the lower
directory inode so the VFS uses your filesystem instead of the original
filesystem.
Important steps to look at are:
1. get lower superblock from the lower directory inode
2. assign this superblock as an overlay for your own superblock.
3. Set your own superblock operations for the new superblock
4. get a root inode for your superblock using the lower directory inode
5. While you are getting the inode, you can set the file operations on
this inode which will help you achieve your case.

The point to note is that you need to interpose the inodes with VFS so that
everything would be routed to your filesystem.

--
Abhijit.
[1]http://wrapfs.filesystems.org/
[2]http://ecryptfs.org/


> #2: In my_iops, I mainly changed ".lookup" function like this to achieve
> my goal:
> replace the file operation table of all files in the directory.
> 
> static struct dentry *my_inode_lookup(struct inode *dir, struct dentry
> *dentry,
> struct nameidata *nd)
> {
> struct dentry *ret_dentry;
> 
> ret_dentry = lower_iops->lookup(dir,dentry,nd);
> if (!ret_dentry)
> goto out;
> ret_dentry->d_inode->i_fop = &my_fops;
> out:
> return ret_dentry;
> }
> 
> Things turns out that replacement of inode operation table of directory
> is successful
> but the changes in file operations are not functional: system works as
> it used to,
> totally ignore my_fops!
> 
> I have no idea how to fix it. Can anybody help?
> Thanks for your attention!
> Regards
> 
> Freeman Zhang
> 
> 

* [Help] How to Replace File Operations in File System?
  2014-02-13  6:44 ` Abhijit Chandrakant Pawar
@ 2014-02-13  6:59   ` Saket Sinha
  2014-02-13 11:47   ` Rishi Agrawal
  2014-02-13 13:26   ` freeman
  2 siblings, 0 replies; 19+ messages in thread
From: Saket Sinha @ 2014-02-13  6:59 UTC (permalink / raw)
  To: kernelnewbies

For encrypt/decrypt on file operations, a stackable filesystem needs
to exist between VFS and the lower filesystem (suppose ext4), and that
is what wrapfs and ecryptfs do.

Regards,
Saket Sinha


* [Help] How to Replace File Operations in File System?
  2014-02-13  6:44 ` Abhijit Chandrakant Pawar
  2014-02-13  6:59   ` Saket Sinha
@ 2014-02-13 11:47   ` Rishi Agrawal
  2014-02-13 13:28     ` freeman
  2014-02-13 13:26   ` freeman
  2 siblings, 1 reply; 19+ messages in thread
From: Rishi Agrawal @ 2014-02-13 11:47 UTC (permalink / raw)
  To: kernelnewbies

Hi,


On Thu, Feb 13, 2014 at 12:14 PM, Abhijit Chandrakant Pawar <
abhi.c.pawar@gmail.com> wrote:

> Hi,
>
> On Thursday 13 February 2014 07:40 AM, freeman wrote:
> > Hi list,
> >
> > I am a newbie in linux kernel programming. Recently I got stuck in a
> > problem when doing
> > practice in file system programming. I hope this list is the right place
> > I can turn to.
> >
> > I want to replace some file operations of files in a certain
> > directory,so that data can be
> > decrypted/encrypted through read/write system call. So I:
> >
> > #1: Find the directory inode, save its original inode operation
> > table,then replace
> > the table:
> >
> > kern_path(pathname, LOOKUP_FOLLOW, &target_dir_path);
> > lower_iops = target_dir_path.dentry->d_inode->i_op;
> > target_dir_path.dentry->d_inode->i_op = &my_iops;
> >
> I assume that you are writing your own stackable filesystem.
> Take a look at WRAPFS[1] and ecryptfs[2]. As a matter of fact, ecryptfs
> does what you are expecting.
>
> To do this, you need to set your superblock operations for the lower
> directory inode so the VFS use your filesystem instead of the original
> filesystem.
> Important steps to look are:
> 1. get lower superblock from the lower directory inode
> 2. assign this superblock as an overlay for your own superblock.
> 3. Set your own superblock operations for the new superblock
> 4. get a root inode for your superblock using the lower directory inode
> 5. While you are getting the inode, you can set the file operations on
> this inode which will help you achieve your case.
>
> The point to note that you need to interpose the inodes with VFS so that
> everything would be routed to your filesystem.
>
> --
> Abhijit.
> [1]http://wrapfs.filesystems.org/
> [2]http://ecryptfs.org/
>
>
> > #2: In my_iops, I mainly changed ".lookup" function like this to achieve
> > my goal:
> > replace the file operation table of all files in the directory.
> >
> > static struct dentry *my_inode_lookup(struct inode *dir, struct dentry
> > *dentry,
> > struct nameidata *nd)
> > {
> > struct dentry *ret_dentry;
> >
> > ret_dentry = lower_iops->lookup(dir,dentry,nd);
> > if (!ret_dentry)
> > goto out;
> > ret_dentry->d_inode->i_fop = &my_fops;
> > out:
> > return ret_dentry;
> > }
> >
> > Things turns out that replacement of inode operation table of directory
> > is successful
> > but the changes in file operations are not functional: system works as
> > it used to,
> > totally ignore my_fops!
> >
> > I have no idea how to fix it. Can anybody help?
> > Thanks for your attention!
> > Regards
> >
> > Freeman Zhang
> >
> >


Freeman - What you are doing seems to be correct - you may have missed some
pointer somewhere.

Which file system are you using? Are you writing a layer on an existing
file system or changing the code of a file system?

Try adding some debug messages, whenever you change the operations, which
print the dentry->name of the file; you will get an idea whether the correct
file's operations are getting modified.


-- 
Regards,
Rishi Agrawal

* [Help] How to Replace File Operations in File System?
  2014-02-13  6:44 ` Abhijit Chandrakant Pawar
  2014-02-13  6:59   ` Saket Sinha
  2014-02-13 11:47   ` Rishi Agrawal
@ 2014-02-13 13:26   ` freeman
  2014-02-14 22:49     ` Valdis.Kletnieks at vt.edu
  2 siblings, 1 reply; 19+ messages in thread
From: freeman @ 2014-02-13 13:26 UTC (permalink / raw)
  To: kernelnewbies

Hi Abhijit and Saket,

Thank you very much for your reply!

I did some study on eCryptfs before. I think eCryptfs is a "big
ideas for small business".
Implementation of a totally new filesystem is quite complex
for me to imitate and study. So with the elicitation from
eCryptfs, I have this idea to design a simplified module (not
another filesystem) to do transparent en/decrypting, by
replacing some main function pointers.

Thanks to you, now I know there is WRAPFS, which I think is
perfectly suitable for my project: short, easy, and highly
extendable. If I still cannot fix this problem, I would like
to turn to WRAPFS!

Much thanks!

Freeman Zhang


* [Help] How to Replace File Operations in File System?
  2014-02-13 11:47   ` Rishi Agrawal
@ 2014-02-13 13:28     ` freeman
  2014-02-17  8:06       ` Rishi Agrawal
  0 siblings, 1 reply; 19+ messages in thread
From: freeman @ 2014-02-13 13:28 UTC (permalink / raw)
  To: kernelnewbies

Hi Rishi,

Thanks for your reply!

I'm sorry that the description of the problem was not clear.

I am writing a module (not a filesystem) to replace some operation
pointers of Ext4.
Just now, I tried to print the dentry->name as you said. It seems
that I'm modifying the right files.

I'm wondering if my idea is bad:
I changed the operations of a file both in ->create and ->lookup in
the inode operations of the directory, and tested the module like this:

echo hello > hello      (for dir_inode->create and f->write)
cat hello               (for f->read)


Will the file operations be changed back?
Or what I modified is some copies of real objects because of the
complex caching mechanism?

Regards

Freeman Zhang


* [Help] How to Replace File Operations in File System?
  2014-02-13 13:26   ` freeman
@ 2014-02-14 22:49     ` Valdis.Kletnieks at vt.edu
  2014-02-17  0:59       ` freeman
  0 siblings, 1 reply; 19+ messages in thread
From: Valdis.Kletnieks at vt.edu @ 2014-02-14 22:49 UTC (permalink / raw)
  To: kernelnewbies

On Thu, 13 Feb 2014 21:26:43 +0800, freeman said:

> eCryptfs, I have this idea to design a simplified module(not
> another filesystem) to do transparent en/decrypting, by

Doing it transparently is harder than it looks.  Key management is a bitch.

(Hint - there's a reason why ecryptfs does it the way it does, rather than
the simpler way you're attempting to do it...)

* [Help] How to Replace File Operations in File System?
  2014-02-14 22:49     ` Valdis.Kletnieks at vt.edu
@ 2014-02-17  0:59       ` freeman
  2014-02-17  2:50         ` Saket Sinha
  0 siblings, 1 reply; 19+ messages in thread
From: freeman @ 2014-02-17  0:59 UTC (permalink / raw)
  To: kernelnewbies


On 15 Feb 2014, Valdis.Kletnieks at vt.edu said:
> On Thu, 13 Feb 2014 21:26:43 +0800, freeman said:
>
>> eCryptfs, I have this idea to design a simplified module(not
>> another filesystem) to do transparent en/decrypting, by
> Doing it transparently is harder than it looks.  Key management is a bitch.
>
> (Hint - there's a reason why ecryptfs does it the way it does, rather than
> the simpler way you're attempting to do it...)
Hi Valdis,

Thanks for your hint! It is no wonder that I got stuck when studying
the key management of eCryptfs. I think I should pay much more attention
to it.
Any idea of how to deal with key management? The OpenPGP file format and
multitudinous authentication in eCryptfs really make me give up!

Regards
Freeman


* [Help] How to Replace File Operations in File System?
  2014-02-17  0:59       ` freeman
@ 2014-02-17  2:50         ` Saket Sinha
  0 siblings, 0 replies; 19+ messages in thread
From: Saket Sinha @ 2014-02-17  2:50 UTC (permalink / raw)
  To: kernelnewbies

Wrapfs is the most basic stackable filesystem in the linux kernel.
After it comes ecryptfs, which has been developed using the
foundation of Wrapfs.

The developer is also the same - Erez Zadok from StonyBrook
University. You can contact him for more details.

Regards,
Saket Sinha


* [Help] How to Replace File Operations in File System?
  2014-02-13 13:28     ` freeman
@ 2014-02-17  8:06       ` Rishi Agrawal
  2014-02-18  4:34         ` freeman
  0 siblings, 1 reply; 19+ messages in thread
From: Rishi Agrawal @ 2014-02-17  8:06 UTC (permalink / raw)
  To: kernelnewbies

Hi


On Thu, Feb 13, 2014 at 6:58 PM, freeman <freeman.zhang1992@gmail.com>wrote:

> Hi Rishi,
>
> Thanks for your reply!
>
> I'm sorry that the description of the problem was not clear.
>
> I am writing a module(not a filesystem) to replace some operation
> pointers of Ext4.
> Just now, I try to print the dentry->name as you said. It seems
> that I'm modifying the right files.
>
> I'm wondering if my idea is bad:
> I changed operations of a file both in ->create and ->lookup in
> inode operations of directory. And test the module like this:
>
> echo hello > hello      (for dir_inode->create and f->write)
> cat hello               (for f->read)
>
>
> Will the file operations be changed back?
> Or what I modified is some copies of real objects because of the
> complex caching mechanism?
>
> Regards
>
> Freeman Zhang
>
>
>

The operations will not change back until your object gets destroyed,
whatever be the type of the object.

Caching will not cause any issue here.

Maybe if you can send the code we can have a look at it.


-- 
Regards,
Rishi Agrawal

* [Help] How to Replace File Operations in File System?
  2014-02-17  8:06       ` Rishi Agrawal
@ 2014-02-18  4:34         ` freeman
       [not found]           ` <CADDndfPhe=iHKtB0_eTYpoAAUJDTkOchUakbOyKveVdkAOLrMQ@mail.gmail.com>
  0 siblings, 1 reply; 19+ messages in thread
From: freeman @ 2014-02-18  4:34 UTC (permalink / raw)
  To: kernelnewbies


> Hi
>
> The operations will not change back until your object gets destroyed,
> whatever be the type of the object.
>
> Caching will not cause any issue here.
>
> Maybe if you can send the code we can have a look at it.
>
>
> -- 
> Regards,
> Rishi Agrawal
Hi Rishi,

It's very nice of you to be willing to help check my code!
I'm now very excited: problem solved!

I spent half a day beautifying my code yesterday (so that it won't annoy
you that much), and found there is a problem:

Every time there is a read/write system call, I saved the lower file ops
and address space ops. In their replacements (upper operations), I invoked
the lower ones.
There's a possibility that it might have saved the upper operations as
lower ones if I open them twice in a short time. At this point, the upper
operation invokes itself!
So I check the operations before truly saving and replacing them, and it
works!

Thanks to you and all the amazing people in this amazing list that
helped me, now I get both wrapfs and my own non-filesystem module
functional for my future work on transparent encryption, and most
importantly, I've learned and enjoyed a lot!

Regards
Freeman Zhang
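
The double-save problem described in the message above, modelled in userspace C as an added example (not code from the thread or from the droidcry module). The struct layouts, the single global `lower_fops`, and the names `hook_unguarded`, `hook_guarded` and `read_after_double_hook` are assumptions made for illustration; the recursion is capped at `MAX_DEPTH` so the demo terminates where a kernel would overflow its stack.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Userspace stand-ins for the kernel structures named in the thread. */
struct file;
struct file_operations {
    long (*read)(struct file *f, char *buf, size_t len);
};
struct inode { const struct file_operations *i_fop; };
struct file  { struct inode *f_inode; };

#define MAX_DEPTH 16   /* demo limit only (assumption) */

static const struct file_operations *lower_fops; /* saved original table */
static int depth;                                 /* nesting of upper_read */

/* "Lower" filesystem read returning constructed sample data. */
static long lower_read(struct file *f, char *buf, size_t len)
{
    static const char data[] = "hello\n";
    size_t n = sizeof(data) - 1;

    (void)f;
    if (n > len)
        n = len;
    memcpy(buf, data, n);
    return (long)n;
}

/* Upper (replacement) read: pass through to whatever was saved as lower. */
static long upper_read(struct file *f, char *buf, size_t len)
{
    long ret;

    if (depth >= MAX_DEPTH)
        return -1;     /* the upper operation has been invoking itself */
    depth++;
    ret = lower_fops->read(f, buf, len);
    depth--;
    return ret;
}

static const struct file_operations ext_fops = { .read = lower_read };
static const struct file_operations my_fops  = { .read = upper_read };

/* Unguarded: on a second call the "original" it saves is already my_fops. */
static void hook_unguarded(struct inode *inode)
{
    lower_fops = inode->i_fop;
    inode->i_fop = &my_fops;
}

/* Guarded: check before saving and replacing, so hooking is idempotent. */
static int hook_guarded(struct inode *inode)
{
    if (inode->i_fop == &my_fops)
        return 0;      /* already hooked: keep the saved lower table */
    lower_fops = inode->i_fop;
    inode->i_fop = &my_fops;
    return 1;
}

/* Hook the same inode twice (file opened twice), then read through it. */
static long read_after_double_hook(int guarded)
{
    struct inode ino = { .i_fop = &ext_fops };
    struct file f = { .f_inode = &ino };
    char buf[16];
    int i;

    lower_fops = NULL;
    depth = 0;
    for (i = 0; i < 2; i++) {
        if (guarded)
            hook_guarded(&ino);
        else
            hook_unguarded(&ino);
    }
    return f.f_inode->i_fop->read(&f, buf, sizeof(buf));
}

int main(void)
{
    printf("unguarded: %ld\n", read_after_double_hook(0));
    printf("guarded:   %ld\n", read_after_double_hook(1));
    return 0;
}
```
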


* [Help] How to Replace File Operations in File System?
       [not found]           ` <CADDndfPhe=iHKtB0_eTYpoAAUJDTkOchUakbOyKveVdkAOLrMQ@mail.gmail.com>
@ 2014-02-20  1:32             ` freeman
  2014-02-20  7:31               ` Rishi Agrawal
  0 siblings, 1 reply; 19+ messages in thread
From: freeman @ 2014-02-20  1:32 UTC (permalink / raw)
  To: kernelnewbies

Hi Rishi,

With pleasure!
You can check it on https://github.com/freemandealer/droidcry
at your convenience.

 2014-02-19 23:17, Rishi Agrawal :
> Good that you solved it your self, still if you can send me the idea
> on which you are working - I may also learn something.
>
>
> On Tue, Feb 18, 2014 at 10:04 AM, freeman <freeman.zhang1992@gmail.com
> <mailto:freeman.zhang1992@gmail.com>> wrote:
>
>
>     > Hi
>     >
>     > The operations will not change back until your object gets
>     destroyed,
>     > whatever be the type of the object.
>     >
>     > Caching will not cause any issue here.
>     >
>     > Maybe if you can send the code we can have a look at it.
>     >
>     >
>     > --
>     > Regards,
>     > Rishi Agrawal
>     Hi Rishi,
>
>     It's very nice of you willing to help check my code!
>     I'm now very excited: problem solved!
>
>     I spent half a day beautifying my code yesterday (so that it won't
>     annoy
>     you
>     that much), and find there is a problem:
>
>     Every time there is a read/write system call, I saved the lower
>     file ops
>     and
>     address space ops. In their replacement(upper operations), I invoked
>     lower ones.
>     There's a possibility that it might saved the upper operations as
>     lower
>     ones if I
>     open them twice in a short time. At this point, upper operation invoke
>     itself!
>     So I check the operations before truly save and replace them and,
>     it works!
>
>     Thanks to you and all the amazing people in this amazing list that
>     helped me,
>     now I get both wrapfs and my own non-filesystem module functional
>     for my
>     future work on transparent encryption, and most importantly, I've
>     learned and
>     enjoyed a lot!
>
>     Regards
>     Freeman Zhang
>
>
>
>
> -- 
> Regards,
> Rishi Agrawal
Regards
Freeman Zhang


* [Help] How to Replace File Operations in File System?
  2014-02-20  1:32             ` freeman
@ 2014-02-20  7:31               ` Rishi Agrawal
  2014-02-20  8:57                 ` freeman
  0 siblings, 1 reply; 19+ messages in thread
From: Rishi Agrawal @ 2014-02-20  7:31 UTC (permalink / raw)
  To: kernelnewbies

Hi,

I went through your readme. Some questions.


On Thu, Feb 20, 2014 at 7:02 AM, freeman <freeman.zhang1992@gmail.com>wrote:

>  Hi Rishi,
>
> With pleasure!
> You can check it on https://github.com/freemandealer/droidcry
> on your convenience.
>
>  2014-02-19 23:17, Rishi Agrawal :
>
> Good that you solved it your self, still if you can send me the idea on
> which you are working - I may also learn something.
>
>
> On Tue, Feb 18, 2014 at 10:04 AM, freeman <freeman.zhang1992@gmail.com>wrote:
>
>>
>> > Hi
>> >
>> > The operations will not change back until your object gets destroyed,
>> > whatever be the type of the object.
>> >
>> > Caching will not cause any issue here.
>> >
>> > Maybe if you can send the code we can have a look at it.
>> >
>> >
>> > --
>> > Regards,
>> > Rishi Agrawal
>>  Hi Rishi,
>>
>> It's very nice of you willing to help check my code!
>> I'm now very excited: problem solved!
>>
>> I spent half a day beautifying my code yesterday (so that it won't annoy
>> you
>> that much), and find there is a problem:
>>
>> Every time there is a read/write system call, I saved the lower file ops
>> and
>> address space ops. In their replacement(upper operations), I invoked
>> lower ones.
>> There's a possibility that it might saved the upper operations as lower
>> ones if I
>> open them twice in a short time. At this point, upper operation invoke
>> itself!
>> So I check the operations before truly save and replace them and, it
>> works!
>>
>> Thanks to you and all the amazing people in this amazing list that
>> helped me,
>> now I get both wrapfs and my own non-filesystem module functional for my
>> future work on transparent encryption, and most importantly, I've
>> learned and
>> enjoyed a lot!
>>
>> Regards
>> Freeman Zhang
>>
>
>
>
> --
> Regards,
> Rishi Agrawal
>
> Regards
> Freeman Zhang
>
>

1. How are you encrypting the files? Is it done by the encryptfs or are you
doing it in your module?

2. How can the user selectively encrypt the files in the system?


-- 
Regards,
Rishi Agrawal

* [Help] How to Replace File Operations in File System?
  2014-02-20  7:31               ` Rishi Agrawal
@ 2014-02-20  8:57                 ` freeman
  2014-02-20  9:10                   ` SandeepKsinha
  0 siblings, 1 reply; 19+ messages in thread
From: freeman @ 2014-02-20  8:57 UTC (permalink / raw)
  To: kernelnewbies


2014-02-20 15:31, Rishi Agrawal :
> Hi,
>
> I went through your readme. Some questions.
>
> 1. How are you encrypting the files? Is it done by the encryptfs or
> you are doing it in your module.
>
> 2. How can the user selectively encrypt the files in the system.
>
>
> -- 
> Regards,
> Rishi Agrawal
Hi Rishi,

Sorry about the fuzziness.

#1 I plan to do the encryption in my module, but encrypting
functions aren't added to it yet. As I mentioned in the readme, the
module now just simply passes operations through to the original
file system.

#2 It seems that the user cannot select a specific file to encrypt
inside one directory :-( . However, he may specify a directory,
then we can encrypt all the files inside it. Namely, the granularity
is directory, not file. Besides, subdirectories are not supported at
present.

Regards
Freeman




* [Help] How to Replace File Operations in File System?
  2014-02-20  8:57                 ` freeman
@ 2014-02-20  9:10                   ` SandeepKsinha
  2014-02-20  9:48                     ` freeman
  0 siblings, 1 reply; 19+ messages in thread
From: SandeepKsinha @ 2014-02-20  9:10 UTC (permalink / raw)
  To: kernelnewbies

On Thu, Feb 20, 2014 at 2:27 PM, freeman <freeman.zhang1992@gmail.com>wrote:

>
>  2014-02-20 15:31, Rishi Agrawal :
>
> Hi,
>
> I went through your readme. Some questions.
>
>  1. How are you encrypting the files? Is it done by the encryptfs or you
> are doing it in your module.
>
>  2. How can the user selectively encrypt the files in the system.
>
>
> --
> Regards,
> Rishi Agrawal
>
> Hi Rishi,
>
> Sorry about the fuzziness.
>
> #1 I plan to do the encryption in my module, but encrypting
> functions aren't added to it yet. As I mentioned in readme,
> module now just simply pass-through operations to the original
> file system.
>
> #2 It seems that the user cannot select specific file to encrypt
> inside one directory :-( . However he may specify a directory
> then we can encrypt all the file inside it. Namely, the granularity
> is directory, not file. Besides, subdirectory is not supported at
> present.
>
>
Why does it even matter - inode vs directory? Is it because you store the
encryption metadata in the dirent and not the inode?


> Regards
> Freeman
>
>
>


-- 
Regards,
Sandeep.






"To learn is to change. Education is a process that changes the learner."

* [Help] How to Replace File Operations in File System?
  2014-02-20  9:10                   ` SandeepKsinha
@ 2014-02-20  9:48                     ` freeman
  2014-02-20  9:51                       ` SandeepKsinha
  2014-02-20 15:32                       ` Valdis.Kletnieks at vt.edu
  0 siblings, 2 replies; 19+ messages in thread
From: freeman @ 2014-02-20  9:48 UTC (permalink / raw)
  To: kernelnewbies


2014-02-20 17:10, SandeepKsinha :
>
>
>
> On Thu, Feb 20, 2014 at 2:27 PM, freeman <freeman.zhang1992@gmail.com
> <mailto:freeman.zhang1992@gmail.com>> wrote:
>
>
>     2014-02-20 15:31, Rishi Agrawal :
>>     Hi,
>>
>>     I went through your readme. Some questions.
>>
>>     1. How are you encrypting the files? Is it done by the encryptfs
>>     or you are doing it in your module.
>>
>>     2. How can the user selectively encrypt the files in the system.
>>
>>
>>     -- 
>>     Regards,
>>     Rishi Agrawal
>     Hi Rishi,
>
>     Sorry about the fuzziness.
>
>     #1 I plan to do the encryption in my module, but encrypting
>     functions aren't added to it yet. As I mentioned in readme,
>     module now just simply pass-through operations to the original
>     file system.
>
>     #2 It seems that the user cannot select specific file to encrypt
>     inside one directory :-( . However he may specify a directory
>     then we can encrypt all the file inside it. Namely, the granularity
>     is directory, not file. Besides, subdirectory is not supported at
>     present.
>
>
> Why does it even matter - inode vs directory? Is it because you store
> the encryption metadata in the dirent and not the inode?
>  
>
>
>     Regards
>     Freeman
>
>
>
> -- 
> Regards,
> Sandeep.
>
> "To learn is to change. Education is a process that changes the learner."
Hi Sandeep,

Actually I haven't got that far...
However, as I planned it, I don't want to involve the user too much -
just to keep it simple. I plan to build a safe box, and people throw
personal things into it. That's all.
I want to use it with Android devices. Will a complex implementation
build a barrier for an embedded system?
Any suggestions?

Regards
Freeman Zhang

* [Help] How to Replace File Operations in File System?
  2014-02-20  9:48                     ` freeman
@ 2014-02-20  9:51                       ` SandeepKsinha
  2014-02-20 15:32                       ` Valdis.Kletnieks at vt.edu
  1 sibling, 0 replies; 19+ messages in thread
From: SandeepKsinha @ 2014-02-20  9:51 UTC (permalink / raw)
  To: kernelnewbies

On Thu, Feb 20, 2014 at 3:18 PM, freeman <freeman.zhang1992@gmail.com>wrote:

>
> 2014-02-20 17:10, SandeepKsinha :
>
>
>
>
> On Thu, Feb 20, 2014 at 2:27 PM, freeman <freeman.zhang1992@gmail.com>wrote:
>
>>
>>  2014-02-20 15:31, Rishi Agrawal :
>>
>>  Hi,
>>
>> I went through your readme. Some questions.
>>
>>   1. How are you encrypting the files? Is it done by the encryptfs or
>> you are doing it in your module.
>>
>>  2. How can the user selectively encrypt the files in the system.
>>
>>
>> --
>> Regards,
>> Rishi Agrawal
>>
>> Hi Rishi,
>>
>> Sorry about the fuzziness.
>>
>> #1 I plan to do the encryption in my module, but encrypting
>> functions aren't added to it yet. As I mentioned in readme,
>> module now just simply pass-through operations to the original
>> file system.
>>
>> #2 It seems that the user cannot select specific file to encrypt
>> inside one directory :-( . However he may specify a directory
>> then we can encrypt all the file inside it. Namely, the granularity
>> is directory, not file. Besides, subdirectory is not supported at
>> present.
>>
>>
>  Why does it even matter - inode vs directory? Is it because you store
> the encryption metadata in the dirent and not the inode?
>
>
>>
>>  Regards
>>  Freeman
>>
>>
>
>  --
> Regards,
> Sandeep.
>
> "To learn is to change. Education is a process that changes the learner."
>
> Hi Sandeep,
>
> Actually I haven't got that far...
> However as I planned it, I don't want involve the user too much -
> just to keep simple. I plan to build a safe box, and people throw
> personal things into it. That's all.
> I want to use it with Android devices. Will complex implementation
> build barrier for embedded system?
> Any suggestions?
>
>
Not really. Just try to keep the implementation close enough to the
use-cases you want to target.
Make it user-centric rather than developer-centric.

All the best!



> Regards
> Freeman Zhang
>



-- 
Regards,
Sandeep.






"To learn is to change. Education is a process that changes the learner."

* [Help] How to Replace File Operations in File System?
  2014-02-20  9:48                     ` freeman
  2014-02-20  9:51                       ` SandeepKsinha
@ 2014-02-20 15:32                       ` Valdis.Kletnieks at vt.edu
  2014-02-24  1:52                         ` Freeman Zhang
  1 sibling, 1 reply; 19+ messages in thread
From: Valdis.Kletnieks at vt.edu @ 2014-02-20 15:32 UTC (permalink / raw)
  To: kernelnewbies

On Thu, 20 Feb 2014 17:48:07 +0800, freeman said:

> However as I planned it, I don't want involve the user too much-
> just to keep simple. I plan to build a safe box, and people throw
> personal things into it. That's all.

The first question is - what are you trying to protect against? The
answer to that will influence your design.

As Bruce Schneier said in the intro to Applied Cryptography:

There are two kinds of cryptography in this world: cryptography that will stop
your kid sister from reading your files, and cryptography that will stop major
governments from reading your files. This book is about the latter.

It's one thing to write a silly kernel module that will rot13 your
files.  It's totally another to design a complete system that works.

Do you need to worry about a directory being open for access to encrypted
files, and another rogue process on the system simply going and reading
the files and the crypto doesn't matter? (This is an issue for cryptLUKS,
for instance - it defends against somebody stealing a powered-off laptop,
but not against processes that get access to a running system.  You may wish
to think for a bit about what security is provided by a system that is
suspended, rather than powered off - particularly in the case of
cold-boot attacks....)

Do you need to worry about somebody replacing the binary that prompts
the user for the passphrase before loading it into the kernel, with a
version that saves the passphrase for later, after the device has been
"recovered" via theft or similar? (And yes, this *has* been used before,
see 'FBI v Scarfo', where they installed a keylogger to snag a PGP passphrase:

https://epic.org/crypto/scarfo.html

Do you need to worry about other more generic keystroke loggers?

Do you need to worry about the fact that most user passphrases won't
have enough entropy to be used directly as crypto keys?  If you merely
use the passphrase for salting a randomized key (such as the way gpg,
ssh, and cryptLUKS use your passphrase), how do you address the problem
of insufficient random entropy at key generation time?

That's just the obvious stuff you will need to worry about. :)


^ permalink raw reply	[flat|nested] 19+ messages in thread
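The split raised at the end of the message above (a random key protected by a passphrase, rather than a key made from the passphrase) can be sketched as follows. This is an added Python example, not code from the thread or from gpg, ssh or LUKS; the function names, slot layout and iteration count are assumptions, and the XOR pad with an HMAC tag stands in for the cipher-based key wrap a real design would use.

```python
import hashlib, hmac, os

ITERATIONS = 200_000  # constructed work factor for this example; tune per device

def new_master_key() -> bytes:
    # Data key comes from the kernel CSPRNG, never from the passphrase.
    # On Linux, os.urandom() uses getrandom(), which waits for a seeded pool.
    return os.urandom(32)

def _slot_keys(passphrase: str, salt: bytes):
    """Stretch the passphrase, then split into a one-time pad and a MAC key."""
    kek = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS)
    pad = hmac.new(kek, b"pad", hashlib.sha256).digest()
    mac_key = hmac.new(kek, b"mac", hashlib.sha256).digest()
    return pad, mac_key

def wrap(master_key: bytes, passphrase: str) -> bytes:
    """Return salt || wrapped key || tag; the fresh salt keeps the pad single-use."""
    if len(master_key) != 32:
        raise ValueError("master key must be 32 bytes")
    salt = os.urandom(16)
    pad, mac_key = _slot_keys(passphrase, salt)
    # XOR pad + HMAC stands in for AES key wrap (no block cipher in the stdlib).
    wrapped = bytes(a ^ b for a, b in zip(master_key, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return salt + wrapped + tag

def unwrap(slot: bytes, passphrase: str) -> bytes:
    """Recover the master key; ValueError on wrong passphrase or tampering."""
    if len(slot) != 80:
        raise ValueError("malformed key slot")
    salt, wrapped, tag = slot[:16], slot[16:48], slot[48:]
    pad, mac_key = _slot_keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or corrupted key slot")
    return bytes(a ^ b for a, b in zip(wrapped, pad))

def change_passphrase(slot: bytes, old: str, new: str) -> bytes:
    # Only the 80-byte slot is rewritten; data under the master key is untouched.
    return wrap(unwrap(slot, old), new)
```

The stretching step only raises the cost of each passphrase guess; the strength of the data key itself depends on the random source being seeded when `new_master_key()` runs.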

* [Help] How to Replace File Operations in File System?
  2014-02-20 15:32                       ` Valdis.Kletnieks at vt.edu
@ 2014-02-24  1:52                         ` Freeman Zhang
  0 siblings, 0 replies; 19+ messages in thread
From: Freeman Zhang @ 2014-02-24  1:52 UTC (permalink / raw)
  To: kernelnewbies


Hi,
Sorry about the delayed response. To be frank, I haven't thought over this stuff
seriously. I didn't expect too much about the module at first. Now I know I was
wrong. I shouldn't get through it rashly - people are watching me!
And I believe I can make it with the help and advice I got from all of you.
Thank you!

> The first question is - what are you trying to protect against? The
> answer to that will influence your design.
>
> As Bruce Schneier said in the intro to Applied Cryptography:
>
> There are two kinds of cryptography in this world: cryptography that will stop
> your kid sister from reading your files, and cryptography that will stop major
> governments from reading your files. This book is about the latter.
>
> It's one thing to write a silly kernel module that will rot13 your
> files.  It's totally another to design a complete system that works.
>
> Do you need to worry about a directory being open for access to encrypted
> files, and another rogue process on the system simply going and reading
> the files and the crypto doesn't matter? (This is an issue for cryptLUKS,
> for instance - it defends against somebody stealing a powered-off laptop,
> but not against processes that get access to a running system.  You may wish
> to think for a bit about what security is provided by a system that is
> suspended, rather than powered off - particularly in the case of
> cold-boot attacks....)
>
> Do you need to worry about somebody replacing the binary that prompts
> the user for the passphrase before loading it into the kernel, with a
> version that saves the passphrase for later, after the device has been
> "recovered" via theft or similar? (And yes, this *has* been used before,
> see 'FBI v Scarfo', where they installed a keylogger to snag a PGP passphrase:
>
> https://epic.org/crypto/scarfo.html
>
> Do you need to worry about other more generic keystroke loggers?
>
> Do you need to worry about the fact that most user passphrases won't
> have enough entropy to be used directly as crypto keys?  If you merely
> use the passphrase for salting a randomized key (such as the way gpg,
> ssh, and cryptLUKS use your passphrase), how do you address the problem
> of insufficient random entropy at key generation time?
>
> That's just the obvious stuff you will need to worry about. :)
>
Regards
Freeman Zhang

^ permalink raw reply	[flat|nested] 19+ messages in thread
