  1. #1
    Linux Guru Lakshmipathi's Avatar
    Join Date
    Sep 2006
    Location
    3rd rock from sun - Often seen near moon
    Posts
    1,758

    Feedback file hiding tool


    I would like to hear from other members whether it's worth the effort to rewrite a file hiding tool for Linux which works on ext2/3/4. I wrote something like that 4/5 years back, but it was a rather dangerous tool. Now I have found a new safe? way of writing such a tool. But are users/admins interested in such a tool?
    First they ignore you, then they laugh at you, then they fight with you, then you win. - M.K.Gandhi
    -----
    FOSS India Award winning ext3fs Undelete tool www.giis.co.in. Online Linux Terminal http://www.webminal.org

  2. #2
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,387
    I looked at your exthide.
    Sorry to say, but I believe a sysadmin (like me) wouldn't like a "exthide 2.0" too much.

    Here are some reasons:
    1) A hiding feature is unexpected in ext2/3/4. So bug hunting is harder ("Where did my files go?")
    2) No offence, but I would question the safety of such a tool as it is a) quite low level, b) decoupled from the ext2/3/4 development, c) probably will have less peer review than ext2/3/4
    3) Consistency and safety part 2: What happens if the fs gets fscked? Hidden files are lost or unhidden or untouched or...?
    4) I assume a carving tool would find these files, hidden or not. So this hiding is security-by-obscurity at best.
    5) What happens if a file with the same name as a hidden file is created?

    Furthermore, what is the proposed use case?
    Maybe file selection is easier: Instead of "--exclude file_a --exclude file_b *", one could hide file_a and file_b and just use "*".
    But if this is used in a process, script or cronjob, then there is a dependency on ext2/3/4. You cannot just use e.g. xfs.
    Giving up portability would need strong reasons and the easier file selection is not one.
    For the hiding step, you need to know the filenames. If you know the filenames, you can as well create an exclude list.

    So unless I overlooked a killer feature, I wouldn't consider exthide 2.0 for production use.
    You must always face the curtain with a bow.
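
Point 4 in the post above (a carving tool finds file contents whether or not any directory entry points at them), as an added example that is not part of the original thread and is not exthide's code. It assumes 4096-byte blocks and unfragmented files; the image, the PDF and the PNG stand-in are constructed sample data.

```python
"""Signature-based carving over a raw image: no directory entries are consulted."""

# (header, footer) byte signatures for a few common formats.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}
BLOCK = 4096        # assumed filesystem block size
MAX_SIZE = 1 << 20  # drop a candidate if no footer appears within 1 MiB


def carve(image: bytes):
    """Return [(kind, offset, data)] for each header found at a block boundary."""
    found = []
    for offset in range(0, len(image), BLOCK):
        for kind, (header, footer) in SIGNATURES.items():
            if not image.startswith(header, offset):
                continue
            # Assumption: the file is contiguous, so the first footer ends it.
            end = image.find(footer, offset + len(header), offset + MAX_SIZE)
            if end != -1:
                found.append((kind, offset, image[offset:end + len(footer)]))
    return found


def build_sample_image():
    """Constructed 8-block image holding two files' data and no file names."""
    pdf = b"%PDF-1.4\n1 0 obj<<>>endobj\ntrailer<<>>\n%%EOF"
    png = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x00IEND\xaeB`\x82"  # stand-in
    image = bytearray(8 * BLOCK)
    image[2 * BLOCK:2 * BLOCK + len(pdf)] = pdf
    image[5 * BLOCK:5 * BLOCK + len(png)] = png
    return bytes(image), pdf, png


if __name__ == "__main__":
    img, _, _ = build_sample_image()
    for kind, offset, data in carve(img):
        print(f"{kind} at block {offset // BLOCK}, {len(data)} bytes")
```

The scan never reads a directory or inode, so moving a name into a hidden directory does not change what it recovers; only encrypting the content does.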

  3. #3
    Linux Guru Lakshmipathi's Avatar
    Join Date
    Sep 2006
    Location
    3rd rock from sun - Often seen near moon
    Posts
    1,758
    > Sorry to say, but I believe a sysadmin (like me) wouldn't like a "exthide 2.0" too much.
    >
    > Here are some reasons:
    > 1) A hiding feature is unexpected in ext2/3/4. So bug hunting is harder ("Where did my files go?")
    > 2) No offence, but I would question the safety of such a tool as it is a) quite low level, b) decoupled from the ext2/3/4 development, c) probably will have less peer review than ext2/3/4

    Yes, it's true it needs peer review from ext2/3/4 developers. I hope it can get a review/approval from the developers.
    In fact, I stopped working on exthide 1.0 when the ext4 lead developer said, 'this is dangerous tool, won't recommend it to users'.

    > 3) Consistency and safety part 2: What happens if the fs gets fscked? Hidden files are lost or unhidden or untouched or...?

    The files are not lost; they are kept in a hidden directory. fsck counts the blocks and their mapping between inodes, and assumes everything is fine. It won't complain or detect any issue (this is one of the reasons 2.0 is slightly better than 1.0).

    > 4) I assume a carving tool would find these files, hidden or not. So this hiding is security-by-obscurity at best.

    File carving is a long process. It's more like solving a puzzle. Yes, it's right: if someone is ready to spend a few days with carving/forensic tools, he can get those files.

    > 5) What happens if a file with the same name as a hidden file is created?

    It won't affect the hidden file, since the file is moved into the hidden directory.
    (say, mv file.txt <hidden-dir>)

    > Furthermore, what is the proposed use case?
    > Maybe file selection is easier: Instead of "--exclude file_a --exclude file_b *", one could hide file_a and file_b and just use "*".
    > But if this is used in a process, script or cronjob, then there is a dependency on ext2/3/4. You cannot just use e.g. xfs.
    > Giving up portability would need strong reasons and the easier file selection is not one.
    > For the hiding step, you need to know the filenames. If you know the filenames, you can as well create an exclude list.
    >
    > So unless I overlooked a killer feature, I wouldn't consider exthide 2.0 for production use.

    It can't use any other file system other than ext2/3/4. I don't think it has any killer feature, just a simple hiding tool.
    Okay, I would take it as a thumbs-down from the sysadmin view. As a desktop user, does your view differ on such a tool?

  4. #4
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,387
    Hmm, I am a bad example for a typical desktop user as I am influenced by my job.
    If I want to place some files out of reach of anybody but me I choose traditional methods, aka encryption.

  5. #5
    Penguin of trust elija's Avatar
    Join Date
    Jul 2004
    Location
    Either at home or at work or down the pub
    Posts
    3,540
    I have to agree with Irithori. The only use case I could possibly see is for some kind of data protection and for that I would use encryption. Maybe combining encryption and hiding could be useful and I see that TrueCrypt does such a thing.
    What do we want?
    Time machines!

    When do we want 'em?
    Doesn't really matter does it!?


    The Fifth Continent

  6. #6
    Linux Guru Lakshmipathi's Avatar
    Join Date
    Sep 2006
    Location
    3rd rock from sun - Often seen near moon
    Posts
    1,758
    Quote originally posted by elija:
    > I have to agree with Irithori. The only use case I could possibly see is for some kind of data protection and for that I would use encryption. Maybe combining encryption and hiding could be useful and I see that TrueCrypt does such a thing.

    Thanks elija, that's a good suggestion. I can add an encryption feature and then hide it :P It will be double safe. I haven't used TrueCrypt so far; I'll play with it and understand the internals. Thanks for the link!
