Fedora 22: xfsprogs Update Critical: xfs_metadump Data Exposure

A set of commands to use the XFS filesystem, including mkfs.xfs.

XFS is a high performance journaling filesystem which originated

on the SGI IRIX platform. It is completely multi-threaded, can

support large files and large filesystems, extended attributes,

variable block sizes, is extent based, and makes extensive use of

Btrees (directories, extents, free space) to aid both performance

and scalability.

Refer to the documentation at for complete details. This implementation is on-disk compatible

with the IRIX version of XFS.

Gabriel Vlasiu reported that xfs_metadump, part of the xfsprogs suite of tools for the XFS filesystem, did not properly obfuscate data. xfs_metadump properly obfuscates active metadata, but the rest of the space within that fs block comes through in the clear. This could lead to exposure of stale disk data via the produced metadump image.

The expectation of xfs_metadump is to obfuscate all but the shortest names in the metadata, as noted in the manpage:

By default, xfs_metadump obfuscates most file (regular file, directory and symbolic link) names and extended attribute names to allow the dumps to be sent without revealing confidential information. Extended attribute values are zeroed and no data is copied. The only exceptions are file or attribute names that are 4 or less characters in length. Also file names that span extents (this can only occur with the mkfs.xfs(8) options where -n size > -b size) are not obfuscated. Names between 5 and 8 characters in leng...