                de - A Minix Disk Editor

              Terrence W. Holm, Jan. 1989

INTRODUCTION

    The de(1) disk editor allows a system administrator to
    look at and modify a Minix file system device. Commands
    allow movement throughout a file system device, displaying
    information in a couple of formats, writing blocks from
    the device onto another file, and rewriting words on the
    disk.

    A few changes to the Minix file system aid recovering files.
    I-node numbers are retained in directory entries now (they
    get moved to the end). And all the i-node information is not
    zeroed-out when a file is unlinked. So, after a file is
    accidentally rm(1)'ed, you can find the old i-node, and then
    manually (or automatically) go to each of the freed blocks
    and write them to a new file.

USES FOR THE DISK EDITOR

    1)  EDUCATION. Students can look at a file system in
        a painless manner. For example, you don't have to
        use od(1) to look at the zone numbers in i-nodes.

        A simple assignment is to change the size of an un-mounted
        floppy disk file system from 360 to 300 blocks. (A more
        difficult assignment is to explain why this works, even
        though fsck(1) and df(1) do not report the correct number
        of free blocks. :-)

    2)  ADMINISTRATION. You can visually check inconsistencies
        reported by fsck(1) before letting fsck(1) fix them.
        You can change any word on the disk; this greatly simplifies
        editing file system information. For example, changing the
        size of a block special device is actually fun, no more
        "blind" writing to your partitions.

        Bit maps can be displayed with 2048 "bits" per screen
        (on the IBM/PC console); see how your zones are allocated!

    3)  RECOVERING LOST FILES. You can search a disk for an ASCII
        string; once found, the block can be written out to a file.

        A one line change to fs/path.c allows users to get the i-node
        number for a file after it has been removed from a directory.

        Another couple of lines changed in the file system keep the
        i-node information available until the i-node is reused
        (normally this information is zeroed out when an i-node is
        released). This allows a de(1) user to go to a released
        i-node, get all the block numbers, go to these blocks and
        write them back to a new file.

        The whole recovery process is automated by running "de -r file".
        So, IF a file is unlink(2)'ed (e.g. "rm file"), AND IF no one
        allocates a new i-node or block in the meantime, THEN you
        can recover the file.

RECOVERY SECURITY

    Normally Minix hard disk partitions are r/w only by the super-user,
    and floppy disks are r/w by anyone. This means that only "root"
    can look at hard disk partitions, but others can use de(1) to play
    with their floppy disks.

    When recovering files ("de -r file"), a user requires access to
    the major file system partitions. This can be done by:

        (a) Give everyone access to the hard disks. DON'T DO THIS, it
            defeats all the file system protection we already have.

        (b) Make de(1) set-uid "root". This is the way to go, IF you
            are running a Minix system that has NO ACCESS from the
            outside. This allows anyone to execute "de -r file", but only
            root to use "de /dev/hd3". De(1) does some checking when
            retrieving lost blocks, e.g. making sure they really are
            free blocks and making sure the user owned the i-node.
            BUT, file system information has been lost when the file
            was unlink(2)'ed, so de(1) cannot be 100% sure that a
            recovered block really belonged to the user. THIS IS A
            SECURITY HOLE. [Since the only access to my machine is from
            observable terminals and their associated humans, I run
            de(1) as set-uid root.]

        (c) Keep the disks rw-------, and don't set-uid de(1). This
            means that only the super-user can recover lost files.
            So, if you accidentally "rm", you must tell the system
            administrator to "su" and recover your file (be sure to
            inform the other users to stop whatever they are doing
            until the file is restored).

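    The two checks described under (b), written out as an added example
    (not code from de(1) or its author). The struct layout, the names and
    the direct zone-number-to-bit mapping are simplifying assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define NR_DZONES 7   /* assumption: direct zone slots kept in the model */

/* Hypothetical, simplified view of a released i-node (not de.h). */
struct old_inode {
    uint16_t uid;                /* owner recorded before unlink(2) */
    uint16_t zone[NR_DZONES];    /* zone numbers, 0 = unused slot */
};

enum verdict { RECOVER_OK, NOT_OWNER, ZONE_OUT_OF_RANGE, ZONE_IN_USE };

/* Model: bit z of the zone bit map is 1 when zone z is allocated. */
static int zone_allocated(const uint8_t *map, unsigned z)
{
    return (map[z / 8] >> (z % 8)) & 1;
}

/* real_uid must come from getuid(), not geteuid(): in a set-uid root
 * binary the effective uid is 0 and says nothing about the invoker. */
enum verdict may_recover(const struct old_inode *ip, uint16_t real_uid,
                         const uint8_t *zone_map, unsigned total_zones)
{
    if (ip->uid != real_uid)
        return NOT_OWNER;
    for (int i = 0; i < NR_DZONES; i++) {
        unsigned z = ip->zone[i];
        if (z == 0)
            continue;
        if (z >= total_zones)
            return ZONE_OUT_OF_RANGE;    /* stale or corrupt zone number */
        if (zone_allocated(zone_map, z))
            return ZONE_IN_USE;          /* now belongs to a live file */
    }
    /* Both checks passed, but the bit map records no owner: a free zone
     * may have been reused and freed by someone else since the unlink. */
    return RECOVER_OK;
}

int main(void)
{
    uint8_t map[8] = {0};                       /* constructed: 64 zones */
    struct old_inode ino = { .uid = 100, .zone = {10, 11} };
    map[12 / 8] |= 1u << (12 % 8);              /* zone 12 is allocated */
    printf("owner: %d, other user: %d\n",
           may_recover(&ino, 100, map, 64), may_recover(&ino, 101, map, 64));
    return 0;
}
```
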
INSTALLATION

        - Install de.1 in /usr/man/cat1.

        - Install the files: Makefile, README, de.h, de.c, de_stdin.c,
          de_stdout.c, de_diskio.c and de_recover.c in commands/de.
          Add -F and -T. to the Makefile, if necessary.

        - "make" de(1). If a header file is not found, don't worry:
          You probably have it somewhere, just link it to what de(1)
          is looking for. This program also requires the subroutine
          tolower(3), see EFTH MINIX report #50, if you don't have it.

        - Do you really want set-uid root on de?

        - Patch the files fs/path.c, fs/link.c and fs/open.c. If
          you don't patch the file system then the recover option
          "-r" and associated commands ('x' and 'X') will not work,
          but de(1) is still functional and useful.

        - "make" a new fs, using -DRECOVER. Rebuild a boot diskette.

USING DE(1) FOR THE FIRST TIME

    De(1) starts up in "word" mode at block 0 of the specified
    device. Hit the PGDN (or space bar) a few times, observing
    all the information on the screen. Each PGUP/PGDN moves to
    the next 1024 byte block (de(1) only knows about 1 block per
    zone file systems). Note that "word" mode only displays 32
    bytes at a time, so you are only observing the first 32 bytes
    in the first few blocks when you skip using PGDN.

    Now go back to block 3 (zone bit map), using "g 3 ENTER".
    Change to "map" mode "v m", and then use the down arrow key
    to check each 2 Megs in the zone bit map.

    Now change to "block" mode using "v b". And go to some data
    block, e.g. "g 1000 ENTER". Use PGUP/PGDN to see what data
    is in each nearby block.

    Remember 'h' gives you a help page.

    Try some more commands, for example: 'END', 'I', '/'.
    (Note: searching through a whole disk under Minix takes a
    long time: 30-60 seconds per megabyte, depending on your
    machine, drive and controller, [Minix is embarrassingly slow].)

    Don't worry about looking at a mounted device, you must specify
    the "-w" option before the 's' command is operational, and
    this command is the only one which will try to modify the
    contents of the device.

MINIX-ST

    Please contact me if you are interested in attempting a port
    to MINIX-ST.