Bug #3402
make VFS.unmount() zero out password
Status: | Closed | Start date: | 05/22/2014
---|---|---|---
Priority: | High | Due date: |
Assignee: | hans | % Done: | 0%
Category: | - | |
Target version: | 0.2 - reliability and cacheword interop | |
Component: | | |
Description
When `VirtualFileSystem.unmount()` is called, it should no longer be possible to read or write to the filesystem. This can be implemented by zeroing out the stored key and path to the database file. Perhaps it should also zero out the `sqlfs_t`. The read/write code should then check whether `sqlfs_t` is null before attempting anything. Maybe this conflicts with the dynamic allocation of `sqlfs_t` when threaded? Then the test can be based on database file name and password.
Associated revisions
zero out database key when done using it
This commit zeros out the stored password when the last instance is closed.
The password has to be stored for multi-threaded mode, since new threads
will need the password in order to access the database.

sqlfs_instance_count() to get number of active sqlfs instances/threads
Each sqlfs_t_init/sqlfs_open call creates an instance of sqlfs, which is
tracked internally. This function allows wrappers to get the number of
active instances to understand the number of active threads. This is used
to check that an IOCipher VirtualFileSystem can be unmounted.

zero out buffers that temporarily hold password/key data

base open/close functions on the init functions
In order to use the open/close mode as a way to track the mounted state
of the filesystem, the open/close mode needs to work with the init aka
threaded mode. That means that the sqlfs instance created by sqlfs_open*
must be assigned to the pthread_key and the filename and password must be
properly cached for any threads that might be created.

update libsqlfs to get sqlfs_instance_count and fixed open/close

create mount/umount logic based on holding open a sqlfs instance
It turns out that IOCipher needs to have a mounted and unmounted state in
order to trigger when the key/password is zeroed out. So sqlfs_open() is
used to create the first sqlfs instance and keep it open. The actual work
is done by sqlfs instances that are created on the fly for each thread.
That keeps it flexible so that a new sqlfs instance is automatically
instantiated whenever there is an IOCipher call in a new thread.
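
The approach described in this issue and its commits, as an added example that is not code from libsqlfs or IOCipher: a key cached for new threads, an instance count, and a wipe when the last instance closes. All names (`vfs_open`, `vfs_close`, `vfs_io_allowed`, `KEY_MAX`) are assumptions made for illustration.

```c
/* Added example; names are hypothetical, not the libsqlfs or IOCipher API. */
#include <pthread.h>
#include <stddef.h>
#include <string.h>

#define KEY_MAX 64
static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
static unsigned char cached_key[KEY_MAX]; /* kept so new threads can open the db */
static size_t cached_len;
static int instances;                     /* open instances across all threads */

/* Wipe through a volatile pointer so the compiler cannot drop the stores. */
static void secure_zero(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* First open caches the key; later opens (new threads) reuse the cached copy. */
int vfs_open(const unsigned char *key, size_t len) {
    int rc = -1;
    pthread_mutex_lock(&lock);
    if (instances == 0 && key != NULL && len > 0 && len <= KEY_MAX) {
        memcpy(cached_key, key, len);
        cached_len = len;
    }
    if (cached_len > 0) { instances++; rc = 0; }
    pthread_mutex_unlock(&lock);
    return rc;
}

/* Closing the last instance wipes the cached key; returns instances left. */
int vfs_close(void) {
    pthread_mutex_lock(&lock);
    if (instances > 0 && --instances == 0) {
        secure_zero(cached_key, sizeof cached_key);
        cached_len = 0;
    }
    int left = instances;
    pthread_mutex_unlock(&lock);
    return left;
}

/* Guard for read/write paths: I/O is refused once no key is cached. */
int vfs_io_allowed(void) {
    pthread_mutex_lock(&lock);
    int ok = instances > 0 && cached_len > 0;
    pthread_mutex_unlock(&lock);
    return ok;
}
```

A wrapper would hold the first instance open as the mounted state and call `vfs_close()` for it on unmount, after confirming that only that instance remains.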
History
#1 Updated by Anonymous over 3 years ago
- Status changed from New to Resolved
Applied in changeset iocipher|commit:4e4c55bdd59eaa6d8588dc57241a1c3eeb6063f3.
#2 Updated by hans over 3 years ago
- Assignee set to hans
#3 Updated by hans over 3 years ago
- Status changed from Resolved to Closed