This is forwarded from the [email protected] mailing list. I think you
guys can answer this question better. Please cc: them in any replies.
-b
"Fabio Pietrosanti (naif)" wrote:
> Hi ppl,
> i'm currently involved in the analisys of a compromised linux box.
> It was a IBM xSeries server.
>
> I transfer the partition of the server using cat /dev/partition| nc
> host_of_dump_storage 8889, then i check the checksum using md5sum and all it's
> ok.
>
> Where's the problem?
>
> There are 2 partition dump of 8GB .
> So i have to mount another 30GB hd, i installed Linux Kernel 2.4.2 with the
> 30gb on reiserfs .
> I recompiled all fileutils, util-linux and bin-utils with kernel 2.4.2 and the
> define for => 2GB file support .
>
> Ok, now i could download the partition, i could ls, more, strings the
> partition, but i need to use it as loop device!!
>
> When i mount the partition as loop device the mount command HANG on read()
> function... it seems that loop device under linux didn't work against => 2gb
> files ?
>
> Any solutions?
>
> Best Regards
>
> --
> Pietrosanti Fabio I.NET SpA, High Quality Access to the Internet
> e-mail: [email protected] ( Direzione Tecnica, Security Staff )
> [email protected]
> PGP Key (DSS) http://naif.itapac.net/naif.asc
>
> Home Page URL: http://www.inet.it
> Sede: Via Darwin, 85 20019 Settimo Milanese (MI)
> Tel: 02-328631 Fax: 02-328637701
> --
> Free advertising: http://www.openbsd.org - Multiplatform Ultra-secure OS
"Fabio Pietrosanti (naif)" wrote:
> > i'm currently involved in the analisys of a compromised linux box.
> > It was a IBM xSeries server.
> >
> > I transfer the partition of the server using cat /dev/partition| nc
> > host_of_dump_storage 8889, then i check the checksum using md5sum and
> > all it's ok.
> >
> > There are 2 partition dump of 8GB .
> > So i have to mount another 30GB hd, i installed Linux Kernel 2.4.2 with
> > the 30gb on reiserfs .
> > I recompiled all fileutils, util-linux and bin-utils with kernel 2.4.2
> > and the define for => 2GB file support .
> >
> > Ok, now i could download the partition, i could ls, more, strings the
> > partition, but i need to use it as loop device!!
> >
> > When i mount the partition as loop device the mount command HANG on read()
> > function... it seems that loop device under linux didn't work against => 2gb
> > files ?
There is a bug in 2.4.2 with the loop device, which is fixed in -ac series.
Also, I don't think it is possible to use > 2GB for loop (or at least that
used to be the case).
Cheers, Andreas
--
Andreas Dilger \ "If a man ate a pound of pasta and a pound of antipasto,
\ would they cancel out, leaving him still hungry?"
http://www-mddsp.enel.ucalgary.ca/People/adilger/ -- Dogbert
Andreas Dilger wrote:
> There is a bug in 2.4.2 with the loop device, which is fixed in -ac series.
Also fixed in 2.4.3-pre series.
cu
Jup