Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!wuarchive!cs.utexas.edu!execu!sequoia!rpp386!jfh
From: jfh@rpp386.cactus.org (John F Haugh II)
Newsgroups: comp.unix.questions
Subject: Re: hiding files under a mount point.
Message-ID: <19120@rpp386.cactus.org>
Date: 25 Mar 91 14:29:59 GMT
References: <1991Mar18.045734.5114@brolga.cc.uq.oz.au> <1991Mar21.175748.27202@NCoast.ORG>
Reply-To: jfh@rpp386.cactus.org (John F Haugh II)
Organization: Lone Star Cafe and BBS Service
Lines: 25
X-Clever-Slogan: Recycle or Die.

In article <1991Mar21.175748.27202@NCoast.ORG> jeffl@NCoast.ORG (Jeff Leyser) writes:
>In post <1991Mar18.045734.5114@brolga.cc.uq.oz.au>, ggm@brolga.cc.uq.oz.au (George Michaelson) says:
>!How "invisible" are they? Can this be exploited meaningfully by sysops
>!or others to provide secure online storage of files you don't want
>!mortals to know about? (/usr is a bad example. unmounting makes the
>!system pretty useless. some other places might be more bearable.)
>
>They're completely invisible, at lease to all "useful" utilities.  The
>only way to manipulate the "hidden" would be by i-node numbers, and I
>don't think anything other than fsdb will be able to do that for you.
>Of course, unmounting the "overlay" will allow you to manipulate the (no
>longer) hidden files in the usual manner.

No, they are quite visible to the "dump" utility, and you can infact
recover the files by dumping the partition and then extracting the files
from the dump tape.

Of course this is cheating since "dump" reads the raw partition, but
I didn't want people to go away with the impression that you can't
get to files under a mount point.
-- 
John F. Haugh II        | Distribution to  | UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 832-8832 | GEnie PROHIBITED :-) |  Domain: jfh@rpp386.cactus.org
"I've never written a device driver, but I have written a device driver manual"
                -- Robert Hartman, IDE Corp.