unrm
play

UNRM Hacking the filesystem Jessica Yu WHOOPS... GMAIL: UNDO SEND - PowerPoint PPT Presentation

May 16, 2023 •295 likes •888 views

UNRM Hacking the filesystem Jessica Yu WHOOPS... GMAIL: UNDO SEND unrm operates on the same idea as Gmail's undo send. UNRM: USAGE Goal : after an rm , want to be able to recover all removed files under a certain directory within a set period

  1. UNRM Hacking the filesystem Jessica Yu

  2. WHOOPS...

  3. GMAIL: UNDO SEND unrm operates on the same idea as Gmail's undo send.

  4. UNRM: USAGE Goal : after an rm , want to be able to recover all removed files under a certain directory within a set period of time. $ ls document.pdf image.png file.txt dir/ $ rm -r * # rm all files $ ls -l # all gone! total 0 $ unrm # undo $ ls document.pdf image.png file.txt dir/ # all back!

  5. RM: UNDER THE HOOD What happens during an rm? Application Application Application C-Standard Library (libc) USERSPACE KERNELSPACE Virtual Filesystem (VFS) Ext4 Btrfs XFS

  6. RM: UNDER THE HOOD What happens during an rm? Application rm Application $ strace rm file ... unlinkat(AT_FDCWD, "file", 0) C-Standard Library (libc) ... USERSPACE KERNELSPACE Virtual Filesystem (VFS) Ext4 Btrfs XFS

  7. RM: UNDER THE HOOD What happens during an rm? Application rm Application $ strace rm file ... unlinkat(AT_FDCWD, "file", 0) C-Standard Library (libc) ... USERSPACE KERNELSPACE do_unlinkat(...) Virtual Filesystem (VFS) → vfs_unlink(...) Ext4 Btrfs XFS

  8. RM: UNDER THE HOOD What happens during an rm? Application rm Application $ strace rm file ... unlinkat(AT_FDCWD, "file", 0) C-Standard Library (libc) ... USERSPACE KERNELSPACE do_unlinkat(...) Virtual Filesystem (VFS) → vfs_unlink(...) → dir->i_op->unlink(...) Ext4 Btrfs XFS

  9. RM: UNDER THE HOOD What happens during an rm? Application rm Application $ strace rm file ... unlinkat(AT_FDCWD, "file", 0) C-Standard Library (libc) ... USERSPACE KERNELSPACE do_unlinkat(...) Virtual Filesystem (VFS) → vfs_unlink(...) → dir->i_op->unlink(...) → ext4_unlink(....) Ext4 Btrfs XFS

  10. UNRM: UNDER THE HOOD What happens during an rm? Application rm Application $ strace rm file ... unlinkat(AT_FDCWD, "file", 0) C-Standard Library (libc) ... USERSPACE KERNELSPACE do_unlinkat(...) Virtual Filesystem (VFS) → vfs_unlink(...) → dir->i_op->unlink(...) → ext4_unlink(....) Ext4 Btrfs XFS → ext4_unrm_save(...)

  11. UNRM: OVERVIEW ○ Idea : Intercept unlinking process at the fs layer ○ When we run rm , we want it to look like the file has been removed already ( 'ls' shouldn't show file) □ But file should still exist somewhere □ And the file is finally removed after a period of time ○ accomplish this via work queues

  12. UNRM: OVERVIEW ext4_sb_info ○ Create a tree ... struct radix_tree_root s_unrm ; "second chance tree" □ ... radix tree rooted at ext4 superblock info □ ... struct dir 123 . c e s 0 indexed by directory inode # ○ 3 file each node in the tree points to a linked list □ . c e s 0 3 file . c ○ Linked lists e s 0 3 file For each directory, use a linked list to keep track □ of individual rm'd files from that dir ○ Work queues Finish unlinking process after set period of time □

  13. UNRM: OVERVIEW ext4_sb_info ○ Create a tree ... struct radix_tree_root s_unrm ; "second chance tree" □ ... radix tree rooted at ext4 superblock info □ ... struct dir 123 ! ! G N I indexed by directory inode # R ○ file each node in the tree points to a linked list □ . c e s 0 3 file . c ○ Linked lists e s 0 3 file For each directory, use a linked list to keep track □ of individual rm'd files from that dir ○ Work queues Finish unlinking process after set period of time □

  14. UNRM: OVERVIEW ext4_sb_info ○ Create a tree ... struct radix_tree_root s_unrm ; "second chance tree" □ ... radix tree rooted at ext4 superblock info □ ... struct goodbye dir 123 world :( indexed by directory inode # ○ file each node in the tree points to a linked list □ . c e s 0 3 file . c ○ Linked lists e s 0 3 file For each directory, use a linked list to keep track □ of individual rm'd files from that dir ○ Work queues Finish unlinking process after set period of time □ File is removed + entry from linked list removed □

  15. UNRM: OVERVIEW ext4_sb_info ○ Create a tree ... struct radix_tree_root s_unrm ; "second chance tree" □ ... radix tree rooted at ext4 superblock info □ ... struct dir 123 indexed by directory inode # ○ each node in the tree points to a linked list □ . c e s 0 3 file . c ○ Linked lists e s 0 3 file For each directory, use a linked list to keep track □ of individual rm'd files from that dir ○ Work queues Finish unlinking process after set period of time □ File is removed + entry from linked list removed □

  16. UNRM: ext4_unrm_save() ○ Idea : Intercept unlinking process at the fs layer Want to invalidate associated dentry (negate it) □ So that lookups fail ○ $ ls testfile testfile: No such file or directory $ ▌ ...but keep around the inode secretly (link count > 0) □ keep around the negative dentry too □ we'll need to "instantiate" it again if we call unrm ○ ...i.e., make the path lookup succeed again! ○

  17. UNRM: ext4_unrm_save() ○ Idea : Intercept unlinking process at the fs layer ext4_unlink() □ ext4_unrm_save(): ○ Inserts new entry in our radix tree Save relevant info that will let us unrm □ i.e. Save pointers to the inode and dentry □ ○ But do not drop the inode's i_nlink (# of hard links)

  18. UNRM: ext4_unrm_save() ext4_sb_info ▌ radix_tree_root $ pwd s_unrm /home/jyu/ $ ls -lih /home/jyu 795 drwx------ 41 jyu jyu 4.0K Aug 12 22:37 /home/jyu $ ls testfile.pdf track01.mp3 important.doc $ ls -lih testfile.pdf 901 -rw-r--r-- 1 jyu jyu 94K Jun 23 18:04 testfile.pdf $ ▌

  19. UNRM: ext4_unrm_save() ext4_sb_info ▌ radix_tree_root $ pwd s_unrm /home/jyu/ $ ls -lih /home/jyu 795 drwx------ 41 jyu jyu 4.0K Aug 12 22:37 /home/jyu key: 795 ➞ Create a new list $ ls head ➞ Insert into radix testfile.pdf track01.mp3 important.doc tree with key 795 $ ls -lih testfile.pdf ➞ Create list node with: 901 -rw-r--r-- 1 jyu jyu 94K Jun 23 18:04 testfile.pdf $ rm testfile.pdf $ ▌

  20. UNRM: ext4_unrm_save() ext4_sb_info ▌ radix_tree_root $ pwd s_unrm /home/jyu/ $ ls -lih /home/jyu 795 drwx------ 41 jyu jyu 4.0K Aug 12 22:37 /home/jyu key: 795 ➞ Create a new list $ ls head ➞ Insert into radix testfile.pdf track01.mp3 important.doc tree with key 795 □ inode 901 $ ls -lih testfile.pdf ➞ Create list node □ dentry with: 901 -rw-r--r-- 1 jyu jyu 94K Jun 23 18:04 testfile.pdf □ pointer to inode □ pointer to dentry $ rm testfile.pdf □ allocated work $ ▌

  21. UNRM: ext4_unrm_save() ext4_sb_info ▌ radix_tree_root $ pwd s_unrm /home/jyu/ $ ls -lih /home/jyu ### inode 795 795 drwx------ 41 jyu jyu 4.0K Aug 12 22:37 /home/jyu key: 795 ➞ Create a new list $ ls head ➞ Insert into radix testfile.pdf track01.mp3 important.doc tree with key 795 □ inode 901 $ ls -lih testfile.pdf ➞ Create list node □ dentry with: 901 -rw-r--r-- 1 jyu jyu 94K Jun 23 18:04 testfile.pdf □ pointer to inode □ pointer to dentry $ rm testfile.pdf ### inode 901 □ allocated work $ rm track01.mp3 ### inode 941 □ inode 941 $ ▌ □ dentry

  22. UNRM: ext4_unrm_save() ext4_sb_info ▌ radix_tree_root $ pwd s_unrm /home/jyu/ $ ls -lih /home/jyu ### inode 795 795 drwx------ 41 jyu jyu 4.0K Aug 12 22:37 /home/jyu key: 795 ➞ Create a new list $ ls head ➞ Insert into radix testfile.pdf track01.mp3 important.doc tree with key 795 □ inode 901 $ ls -lih testfile.pdf ➞ Create list node □ dentry with: 901 -rw-r--r-- 1 jyu jyu 94K Jun 23 18:04 testfile.pdf □ pointer to inode □ pointer to dentry $ rm testfile.pdf ### inode 901 □ allocated work ➞ Negative dentries $ rm track01.mp3 ### inode 941 created as unlink □ inode 941 process finishes $ ls track01.mp3 □ dentry track01.mp3: No such file or directory $ ▌

  23. UNRM: RECURSIVE RM ext4_sb_info ▌ radix_tree_root $ pwd s_unrm /home/jyu/ $ ls testfile.pdf music/ $ ls music/ track01.mp3 $ ▌

  24. UNRM: RECURSIVE RM ext4_sb_info ▌ radix_tree_root $ pwd s_unrm /home/jyu/ $ ls testfile.pdf music/ $ ls music/ track01.mp3 $ rm -r * ### BOOM $ ▌

  25. UNRM: RECURSIVE RM ext4_sb_info ▌ radix_tree_root $ pwd s_unrm /home/jyu/ $ ls testfile.pdf music/ key:/home/jyu $ ls music/ track01.mp3 □ testfile.pdf $ rm -r * ### BOOM □ dentry $ ▌ □ music/ □ dentry * inode #'s replaced with filenames for simplicity

  26. UNRM: RECURSIVE RM ext4_sb_info ▌ radix_tree_root $ pwd s_unrm /home/jyu/ $ ls testfile.pdf music/ key:/home/jyu $ ls music/ track01.mp3 □ testfile.pdf $ echo * □ dentry testfile.pdf music ### rm -r * uses this order $ rm -r * ### BOOM $ ▌ □ music/ Mark dir entries so dir=1 that we can recurse □ dentry into them when unrm is called later * inode #'s replaced with filenames for simplicity

  27. UNRM: RECURSIVE RM ext4_sb_info ▌ radix_tree_root $ pwd s_unrm /home/jyu/ $ ls testfile.pdf music/ key:/home/jyu key: music/ $ ls music/ track01.mp3 □ testfile.pdf □ track01.mp3 $ echo * □ dentry □ dentry testfile.pdf music ### rm -r * uses this order $ rm -r * ### BOOM $ ▌ □ music/ dir=1 □ dentry * inode #'s replaced with filenames for simplicity

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Machine Language Foundations of Global Networked Computing: Building a Modern Computer From First

Machine Language Foundations of Global Networked Computing: Building a Modern Computer From First

IWKS 3300: NAND to Tetris Spring 2019 John K. Bennett Machine Language Foundations of Global Networked Computing: Building a Modern Computer From First Principles This course is based upon the work of Noam Nisan and Shimon Schocken. More

753 views • 37 slides
Hackers Exposed: Kevin Mitnick Shares His Tradecraft and Tools to Help You Hack Proof Your

Hackers Exposed: Kevin Mitnick Shares His Tradecraft and Tools to Help You Hack Proof Your

Hackers Exposed: Kevin Mitnick Shares His Tradecraft and Tools to Help You Hack Proof Your Network Perry Carpenter Kevin Mitnick Chief Evangelist & Strategy Officer Chief Hacking Officer KnowBe4, Inc. KnowBe4, Inc. Kevin Mitnick Chief

601 views • 13 slides
Supernova Hack Days July 25-27 ( FULL DAYS ) Location: FNAL Required setup homework

Supernova Hack Days July 25-27 ( FULL DAYS ) Location: FNAL Required setup homework

Supernova Hack Days July 25-27 ( FULL DAYS ) Location: FNAL Required setup homework ahead of time Proposed format: (inspired by LSST) everyone signs up for an achievable task matched to interests and knowledge,

485 views • 3 slides
Hack for HipHop Julien Verlaguet (Facebook) HipHop Team What

Hack for HipHop Julien Verlaguet (Facebook) HipHop Team What

Hack for HipHop Julien Verlaguet (Facebook) HipHop Team What is PHP good at? PHP features: Very fast installaAon Ame A lot of libraries

564 views • 20 slides
Hacking in Popular Culture Week 2 Frank Chen | Spring 2017 Agenda Administrative Review

Hacking in Popular Culture Week 2 Frank Chen | Spring 2017 Agenda Administrative Review

Mr. Robot, an Emmy Award-winning TV drama starring a vigilante hacker CS 88S Hacking in Popular Culture Week 2 Frank Chen | Spring 2017 Agenda Administrative Review last weeks material Hack Hollywood Hacking: The Good, The

718 views • 45 slides
What goes wrong when thousands of engineers share the same continuous build? Eran Messeri,

What goes wrong when thousands of engineers share the same continuous build? Eran Messeri,

What goes wrong when thousands of engineers share the same continuous build? Eran Messeri, Google eranm@google.com Goals Demonstrate feasibility of working from head Prove the importance of reliable, automated tests. Show how

3.03k views • 18 slides
How to Hack Blockchain Systems Parinya Ekparinya Vincent Gramoli Guillaume Jourjon The

How to Hack Blockchain Systems Parinya Ekparinya Vincent Gramoli Guillaume Jourjon The

How to Hack Blockchain Systems Parinya Ekparinya Vincent Gramoli Guillaume Jourjon The University of Sydney Page 1 Blockchain Block #41 Block #42 Block #43 Block #44 Proof: Proof: Proof: Proof: 0xd00d1e 0xc0ffee 0xf00baa

630 views • 41 slides
Hacking the Canon 300D digital camera Lex Augusteijn November 2018 www.lex-augusteijn.nl

Hacking the Canon 300D digital camera Lex Augusteijn November 2018 www.lex-augusteijn.nl

Hacking the Canon 300D digital camera Lex Augusteijn November 2018 www.lex-augusteijn.nl lex.augusteijn@gmail.com History March 2003: Canon 10D was introduced $1500 DSLR 6Mpix CMOS sensor August 2003: Canon 300D was introduced

332 views • 22 slides
Exploiting the Client Vulnerabilities in Internet E-voting Systems: Hacking Helios 2.0 as an

Exploiting the Client Vulnerabilities in Internet E-voting Systems: Hacking Helios 2.0 as an

Exploiting the Client Vulnerabilities in Internet E-voting Systems: Hacking Helios 2.0 as an Example Saghar Estehghari 1 Yvo Desmedt 1 , 2 1 Department of Computer Science University College London, UK 2 Research Center for Information Security

572 views • 28 slides
Hack the Derivative! Erik Taubeneck Software Engineer October 20th, 2015 American University

Hack the Derivative! Erik Taubeneck Software Engineer October 20th, 2015 American University

The Derivative Finite Difference Floating Point Arithmetic Complex Analysis Crash Course Hack the Derivative Hack the Derivative! Erik Taubeneck Software Engineer October 20th, 2015 American University Math/Stat Dept Colloquium The

1.39k views • 106 slides
Testing Dr. Patrick McDaniel Meghan Riegel Fall 2015 What is Penetration Testing? Attacking

Testing Dr. Patrick McDaniel Meghan Riegel Fall 2015 What is Penetration Testing? Attacking

Introduction to Penetration Testing Dr. Patrick McDaniel Meghan Riegel Fall 2015 What is Penetration Testing? Attacking a system to find security vulnerabilities in order to fix them before a malicious party attacks the system Legal if

455 views • 9 slides
02 October 2020 Association for Computing Machinery 02 October 2020 Miami Hacks | October

02 October 2020 Association for Computing Machinery 02 October 2020 Miami Hacks | October

Association for Creepy Mansions 02 October 2020 Association for Computing Machinery 02 October 2020 Miami Hacks | October 2nd-4th Florida International University 36 Hour Hackathon Online! October 2nd-4th Register at

640 views • 31 slides
USB HID Hacker Interface Design Jason Pisani Paul Caruga6 Richard Rushing Motorola, Inc.

USB HID Hacker Interface Design Jason Pisani Paul Caruga6 Richard Rushing Motorola, Inc.

USB HID Hacker Interface Design Jason Pisani Paul Caruga6 Richard Rushing Motorola, Inc. USBHID USB device class that describes human interface devices such as keyboards, mice, game controllers ,alphanumeric display devices, and

321 views • 8 slides
Hackers vs Testers: A Comparison of Software Vulnerability Discovery Processes Daniel Votipka ,

Hackers vs Testers: A Comparison of Software Vulnerability Discovery Processes Daniel Votipka ,

Hackers vs Testers: A Comparison of Software Vulnerability Discovery Processes Daniel Votipka , Rock A. Stevens, Elissa M. Redmiles, Jeremy Hu, and Michelle L. Mazurek 22 May 2018 VULNERABILITY DISCOVERY 2 VULNERABILITY DISCOVERY

375 views • 26 slides
Think Like a Hacker: Learn How to Use OSINT to Defend Your Organization Rosa L. Smothers SVP of

Think Like a Hacker: Learn How to Use OSINT to Defend Your Organization Rosa L. Smothers SVP of

Think Like a Hacker: Learn How to Use OSINT to Defend Your Organization Rosa L. Smothers SVP of Cyber Operations KnowBe4, Inc. The worlds most popular integrated Security Awareness Training and Simulated Phishing platform Based

296 views • 25 slides
Think Like a Hacker Assaf Harel, Chief Scientist and Co-Founder What Does it Mean? 2 |

Think Like a Hacker Assaf Harel, Chief Scientist and Co-Founder What Does it Mean? 2 |

Think Like a Hacker Assaf Harel, Chief Scientist and Co-Founder What Does it Mean? 2 | Confidential Provided for Workshop use only Why Would a Hacker Want to Hack a Car? Cryptocurrency Personal Information Ransomware Mining

517 views • 17 slides
The Future Of Hacking possible Bernd Fix, Wau Holland Stiftung And if criminals are the price

The Future Of Hacking possible Bernd Fix, Wau Holland Stiftung And if criminals are the price

The Future Of Hacking possible Bernd Fix, Wau Holland Stiftung And if criminals are the price we must pay for rebels, heretics, and geniuses, I'm willing to pay it. I demand the price to be paid. Are criminals the only possible payment?

418 views • 14 slides
Database Security Threats and Vulnerabilities John Bissonette Aaron McClure Introduction

Database Security Threats and Vulnerabilities John Bissonette Aaron McClure Introduction

Database Security Threats and Vulnerabilities John Bissonette Aaron McClure Introduction Databases are the crown jewels of a business or organization Security is paramount Vulnerabilities grant attackers keys to the

600 views • 14 slides
Introduction CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen, Apoorva Dornadula,

Introduction CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen, Apoorva Dornadula,

Introduction CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen, Apoorva Dornadula, David Fifield, Mia Gil Epner, David Hahn, Warren He, Grant Ho, Frank Li, Nathan Malkin, Mitar Milutinovic, Rishabh Poddar, Rebecca Portnoff, Nate Wang

787 views • 44 slides
CAN ORGANIZATIONS SURVIVE A POLI-CYBER BREACH ? K e y n o t e b y K h a l e d F a t t a l MLi

CAN ORGANIZATIONS SURVIVE A POLI-CYBER BREACH ? K e y n o t e b y K h a l e d F a t t a l MLi

CAN ORGANIZATIONS SURVIVE A POLI-CYBER BREACH ? K e y n o t e b y K h a l e d F a t t a l MLi Group, C h a i r m a n ( @ ) M L i G r p ( d o t ) c o m 1 WHAT IS A POLI-CYBER ? CYBER ATTACKS PERPETRATED OR INSPIRED BY EXTREMIST

520 views • 17 slides
Hacking Sean-Philip Oriyano About Me O Over twenty years in IT Security O Author of research

Hacking Sean-Philip Oriyano About Me O Over twenty years in IT Security O Author of research

Introduction to Hacking Sean-Philip Oriyano About Me O Over twenty years in IT Security O Author of research articles and six books O CISSP, CNDA, CEH and others O Consultant for US Military and Private corporations Agenda O Elements of

680 views • 27 slides
ELC 2013 Security: Best Practices for Embedded Systems John Mehaffey Senior System Architect

ELC 2013 Security: Best Practices for Embedded Systems John Mehaffey Senior System Architect

ELC 2013 Security: Best Practices for Embedded Systems John Mehaffey Senior System Architect Embedded Systems Division mentor.com/embedded Android is a trademark of Google Inc. Use of this trademark is subject to Google Permissions. Linux

544 views • 17 slides
UCyber Meeting 4 Last Week... Discussed Dates of Siemens CDC visit Dominick gave a web

UCyber Meeting 4 Last Week... Discussed Dates of Siemens CDC visit Dominick gave a web

UCyber Meeting 4 Last Week... Discussed Dates of Siemens CDC visit Dominick gave a web development presentation Discussed future topics for meetings Talked about getting involved on our GH github.com/ucyber Moved

330 views • 8 slides
Computer graphics 2: Graduate seminar in computational aesthetics Angus Forbes

Computer graphics 2: Graduate seminar in computational aesthetics Angus Forbes

Computer graphics 2: Graduate seminar in computational aesthetics Angus Forbes evl.uic.edu/creativecoding/cs526 Computer Graphics 2 instructor angus graeme forbes course syllabus http://evl.uic.edu/creativecoding/cs526 lab page

571 views • 45 slides

More recommend