149480 – debugfs ls / ls -l / ls -d is not very useful for hacked filesystems

Bug 149480 - debugfs ls / ls -l / ls -d is not very useful for hacked filesystems

Summary: debugfs ls / ls -l / ls -d is not very useful for hacked filesystems

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Red Hat Enterprise Linux 3
Classification:	Red Hat
Component:	e2fsprogs
Sub Component:
Version:	3.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Thomas Woerner
QA Contact:	Jay Turner
Docs Contact:
URL:	http://sourceforge.net/tracker/index....
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-02-23 15:03 UTC by Jason Pyeron
Modified:	2015-01-08 00:09 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-05-13 20:57:27 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
SOURCES/e2fsprogs-1.32-parsable.patch (1.17 KB, patch) 2005-02-23 15:05 UTC, Jason Pyeron	no flags	Details \| Diff
SPECS/e2fsprogs.spec (13.17 KB, text/plain) 2005-02-23 15:06 UTC, Jason Pyeron	no flags	Details
View All

Description Jason Pyeron 2005-02-23 15:03:37 UTC

adding an option to ls to produce a parsable output (-p)

while working with a compromized system (suckit root kit)
hidden files were viewable by debugfs but not any other utility.
when spaces and tabs were put into the directory names defugfs did 
not "show" them.

ie: /var/cache/        /hiddenfiles
(8 spaces)


ls -p 
quotes the output so is can be parsed easily.

/inode/mode/uid/gid/name/size/

ie: 
#debugfs /dev/hdc3 -R 'ls -p "/tmp"' 2> /dev/null
/11157571/100644/0/0/kernel-2.4.18-3.i386.rpm/11889996/
/11157526/100600/48/48/sess_4883287ea7160ef4773efb54688c4885/0/
/11157566/100600/48/48/sess_cc8994e4ff8928e75890d228f3e6d29d/0/
/11157565/100666/56672/616/.303.461f0a/5/
/11157569/100644/549/555/d.tgz/15045/
/11157614/100644/0/0/db4-4.1.25-8.src.rpm/3365800/
/11157568/100644/0/0/crontabs-1.10-1.noarch.rpm/4188/
/11157573/100644/0/0/krbafs-utils-1.1.1-1.i386.rpm/20086/
/11157570/100644/0/0/initscripts-6.67-1.i386.rpm/628134/
/11157572/100644/0/0/krbafs-1.1.1-1.i386.rpm/23597/
/11157574/100644/0/0/list.lst/1516/


Additional info:

Comment 1 Jason Pyeron 2005-02-23 15:05:26 UTC

Created attachment 111337 [details]
SOURCES/e2fsprogs-1.32-parsable.patch

Comment 2 Jason Pyeron 2005-02-23 15:06:12 UTC

Created attachment 111338 [details]
SPECS/e2fsprogs.spec

Comment 3 Suzanne Hillman 2005-05-13 20:08:49 UTC

In order to file a RHEL feature request, please either contact Red Hat's
Technical Support line at 888-REDHAT-1 or file a web ticket at
http://www.redhat.com/apps/support/.  Bugzilla is not an official support
channel, has no response guarantees, and may not route your request to the
correct area to assist you.  Using the official support channels above will
guarantee that your issue is handled appropriately and routed to the
individual or group which can best assist you with this issue and will also
allow Red Hat to track the issue, ensuring that any applicable feature
addition is included in all releases and is not dropped from a future update
or major release.

Comment 4 Jason Pyeron 2005-05-13 20:43:38 UTC

neither option provides a valid path as suggested above.

Comment 5 Jason Pyeron 2005-05-13 20:57:27 UTC

migrating to http://sourceforge.net/tracker/index.php?
func=detail&aid=1201657&group_id=2406&atid=102406

Comment 6 Jason Pyeron 2005-05-13 21:24:25 UTC

use the url in the URL field to follow to the correct SF.net RFE page.

http://sourceforge.net/tracker/index.php?
func=detail&aid=1201667&group_id=2406&atid=352406

Note You need to log in before you can comment on or make changes to this bug.