Page 1 of 1

My issues with Unix device names

Posted: Fri Mar 26, 2010 8:58 am
by Gigasoft
In Unix based systems, configuration files, such as /etc/fstab, frequently refer to device names. What people often don't think about is that these device names can change on their own behind your back.

Consider the following situation:

A company has an old file server running Windows, where the R&D department stores their work. With the server sitting in the server room and accumulating dust for years, one day the dust short circuits the motherboard and the server won't start anymore. They also have a server running Linux, so they take the disk from the old computer (which is formatted with FAT32) and put it in the Linux server. The primary master is the system disk, and two hard disks filled with high resolution demonstration videos and presentations for their products are connected as primary slave and secondary master. Therefore, the disk with the R&D department's files becomes the secondary slave. To be extra sure that no one unauthorized will be able to access their important files, they create a directory called /development and assigns read, write and execute permissions to the R&D department, while denying all access for everyone else, and they mount the R&D department's old hard disk at /development/old. The Linux server also hosts the company's website, and all the demonstration videos are freely available for online viewing. One might argue that this is an insecure practice, but Linux is a well established operating system with process isolation and tight access control, so it should be no problem, right? Of course, the web server service has no access to the /development directory or its subdirectories. So, /etc/fstab looks like this:

Code: Select all

/dev/hda1 /                auto defaults 0 0
/dev/hda2 swap             swap defaults 0 0
/dev/hdb1 /wwwroot/videos1 auto rw       0 0
/dev/hdc1 /wwwroot/videos2 auto rw       0 0
/dev/hdd1 /development/old auto rw       0 0
This works out quite well, in theory.

Now, suppose one day, the power goes out. When the power comes back and the server reboots, one of the hard disks no longer functions, and isn't even detected by the computer. It's the primary slave. The server prints out an error message in the middle of one of the pages of startup messages rolling across the screen, but no one ever goes to the server room so they don't see it. Now /dev/hdb is the secondary master and /dev/hdc is the secondary slave. You can imagine what happens next. Someone logs on to their website and clicks on several videos, but they don't load. So he thinks maybe he should check if the /videos2 directory really contains anything. He navigates to /videos2 and to his surprise, he instead gets a listing of the R&D department's files. He steals all their ideas and patents them, and the company goes bankrupt.

This demonstrates how inherently insecure Linux and other Unix variants are.

In Windows, storage device names can also change, but the permanent drive letter assignments aren't to specific device names, instead they refer to the volume by an unique volume identifier.

Re: My issues with Unix device names

Posted: Fri Mar 26, 2010 11:01 am
by quok
Gigasoft wrote:In Unix based systems, configuration files, such as /etc/fstab, frequently refer to device names. What people often don't think about is that these device names can change on their own behind your back.
...

Code: Select all

/dev/hda1 /                auto defaults 0 0
/dev/hda2 swap             swap defaults 0 0
/dev/hdb1 /wwwroot/videos1 auto rw       0 0
/dev/hdc1 /wwwroot/videos2 auto rw       0 0
/dev/hdd1 /development/old auto rw       0 0
...
In Windows, storage device names can also change, but the permanent drive letter assignments aren't to specific device names, instead they refer to the volume by an unique volume identifier.
Snipped out irrelevant parts of your post. You do realize that Linux (and I'm sure other UNIXes as well) also support LABEL= for filesystem labels and UUID= for device uuids in /etc/fstab? Those two options completely do away with your scenario.

Also, if /dev/hdc ends up not being detected on a reboot, /dev/hdd doesn't become /dev/hdc. It stays as /dev/hdd. I'll grant that in some strange scenarios device names may change, but that's much more likely to be the case if an extra NIC is added to the system (in a PCI slot above the current NIC) than if an existing hard disk isn't detected or additional ones are added.

Even for NICs, there's measures for ensuring your interface names don't change.

Re: My issues with Unix device names

Posted: Fri Mar 26, 2010 12:48 pm
by Owen
I have a genuine Unix system locally. It runs OpenSolaris. It doesn't have this "fstab" file you speak of, but it does have a "vfstab".

It looks like this

Code: Select all

owenshep@Asuka:~$ cat /etc/vfstab
#device         device          mount           FS      fsck    mount   mount
#to mount       to fsck         point           type    pass    at boot options
#
/devices        -               /devices        devfs   -       no      -
/proc           -               /proc           proc    -       no      -
ctfs            -               /system/contract ctfs   -       no      -
objfs           -               /system/object  objfs   -       no      -
sharefs         -               /etc/dfs/sharetab       sharefs -       no      -
fd              -               /dev/fd         fd      -       no      -
swap            -               /tmp            tmpfs   -       yes     -

/dev/zvol/dsk/rpool/swap        -               -               swap    -       no      -
Can you please spot a device name in there? I'm having trouble doing so. The closest I see is the swap ZFS volume, but that only contains a reference to a ZFS pool, not a device.

And, in any case, on Solaris disk device names don't change unless you install a new controller. On my system, I have the following mounted:

Code: Select all

c0d0
c7d0s0
c8d0
Those stand for "controller 0, device 0 (i.e. full device)", "controller 7 device 0 slice 0" (Slice being Solaris' term for Partition) and "controller 8 disk 0". The only way those will change is if you install a new disk controller.

And even then, if you're using ZFS, it boots by looking for the correctly labelled ZFS pool and volumes. For legacy UFS (Unix File System) partitions, I'm not sure, but I believe it still uses vfstab.

Unix doesn't need to mount its devices by name, and the issue is completely orthogonal to the file system structure

An aside, an awesome ZFS related Solaris feature: Doing "pkg image-update", which is the same as "apt-get upgrade", creates a new volume, made copy on write with the currently booted one, and then installs the upgrade into that - making upgrades atomic and providing safe rollback

Re: My issues with Unix device names

Posted: Fri Mar 26, 2010 1:10 pm
by quok
Ah, I had meant to post something about Solaris as well after I made my first post since I have many many many Solaris systems at work but that completely slipped my mind since it's been a busy day at work. Thanks Owen for providing such a fine example. :)