From owner-freebsd-hackers Tue Feb 25 05:26:57 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id FAA21161 for hackers-outgoing; Tue, 25 Feb 1997 05:26:57 -0800 (PST)
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id FAA21156 for ; Tue, 25 Feb 1997 05:26:50 -0800 (PST)
Received: (from bde@localhost) by godzilla.zeta.org.au (8.8.3/8.6.9) id AAA10544; Wed, 26 Feb 1997 00:25:57 +1100
Date: Wed, 26 Feb 1997 00:25:57 +1100
From: Bruce Evans
Message-Id: <199702251325.AAA10544@godzilla.zeta.org.au>
To: bde@zeta.org.au, rhh@ct.picker.com
Subject: Re: dd of=/dev/rwd1s2 -- How?
Cc: hackers@FreeBSD.ORG
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> |Remove the BSD label from the slice. This isn't easy. IIRC, the easiest
> |way is to corrupt the label by writing to it via /dev/rwd1. This exploits
> |a bug in the write protection.
> |...

>I would have thought this would have been easier.

It should have been.

>I lost my root partition with 2.2-ALPHA Saturday due to it overwriting the
>boot record and the FreeBSD boot blocks on my root partition (wd1s3), so
>some piece of code got permission to do this, and given that my other
>partitions are fine, I wouldn't guess it was via /dev/rwd1.

There's an ioctl to do it. Writing directly to the label sector works
provided this ioctl is issued and a valid label is written, at least if
writing the label would not cause an open partition to move or shrink.
You can arrange this for copying partitions something like this:

1. Edit the label on the target to make it identical with the label on
   the source. This can be difficult if the normal label partition (`c')
   would move or shrink. The disklabel man page has a hint about what to
   do: add a dummy partition starting at offset 0 with length >= 2 and
   run disklabel on that.
2. Keep a device on the drive open using something like
   `cat /dev/rwd1 >/dev/null' followed by ^Z.
3. Disable write protection using disklabel -N.

>Will changing the slice type to something other than A5 with fdisk give me
>write access on rwd1s3 again? It would make sense -- FreeBSD magic
>shouldn't be checked for in a non-FreeBSD slice.

No, FreeBSD only uses the type byte for deciding where the compatibility
slice is. The label has magic numbers and a checksum so it can be relied
on more than the type byte.

>Speaking of my 2.2-ALPHA corruption, I don't know if this bug has been
>fixed or not in 2.2-GAMMA, but is there a person I should mail a MIMEd copy
>of the 1st 16k or so of my corrupted image to. It looks like the
>corruption is limited to that section, and the content might give some
>clues as to the bug at work. (I saved off the whole partition in hopes of
>being able to re-disklabel it, without success I'm afraid).

You can send a uuencoded copy of it to me.

Bruce
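
The message's point that the label carries magic numbers and a checksum can be shown as a validity check on a saved label sector. This is an added example, not code from the original message or from FreeBSD; it assumes the classic 4.4BSD `struct disklabel` layout on a little-endian machine (magic 0x82564557 at offsets 0 and 132, checksum at 136, partition count at 138, 16-byte partition entries from 148), and the function names and sample label are made up for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Assumed layout: classic 4.4BSD struct disklabel, little-endian (i386). */
#define DISKMAGIC     0x82564557u
#define OFF_MAGIC2    132   /* second copy of the magic number */
#define OFF_CHECKSUM  136
#define OFF_NPARTS    138
#define OFF_PARTS     148   /* first partition entry */
#define PART_SIZE     16
#define MAXPARTITIONS 8

enum label_status { LABEL_OK, LABEL_SHORT, LABEL_BAD_MAGIC,
                    LABEL_BAD_NPARTS, LABEL_BAD_CKSUM };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = v & 0xff; p[1] = v >> 8; }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, v & 0xffff); wr16(p + 2, v >> 16); }

/* XOR of all 16-bit words up to the end of the last used partition entry.
 * With the stored checksum included, a valid label XORs to zero. */
static uint16_t label_xor(const uint8_t *lab, size_t end) {
    uint16_t sum = 0;
    for (size_t i = 0; i < end; i += 2)
        sum ^= rd16(lab + i);
    return sum;
}

enum label_status check_label(const uint8_t *lab, size_t len) {
    if (len < OFF_PARTS) return LABEL_SHORT;
    if (rd32(lab) != DISKMAGIC || rd32(lab + OFF_MAGIC2) != DISKMAGIC)
        return LABEL_BAD_MAGIC;
    unsigned nparts = rd16(lab + OFF_NPARTS);
    if (nparts > MAXPARTITIONS) return LABEL_BAD_NPARTS;
    size_t end = OFF_PARTS + (size_t)nparts * PART_SIZE;
    if (len < end) return LABEL_SHORT;
    return label_xor(lab, end) == 0 ? LABEL_OK : LABEL_BAD_CKSUM;
}

/* Constructed sample label (not real disk data); len must be >= 276. */
void make_sample_label(uint8_t *lab, size_t len) {
    memset(lab, 0, len);
    wr32(lab, DISKMAGIC);
    wr32(lab + OFF_MAGIC2, DISKMAGIC);
    wr16(lab + OFF_NPARTS, MAXPARTITIONS);
    wr32(lab + OFF_PARTS, 409600);   /* made-up size of partition 'a' */
    wr16(lab + OFF_CHECKSUM, label_xor(lab, OFF_PARTS + MAXPARTITIONS * PART_SIZE));
}
```

A single flipped bit anywhere in the covered region changes the XOR, which is why a stray write over the label is detectable while a changed slice type byte is not.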