Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Bind8 exploit and a deleted partition map

From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Tue, 13 Feb 2001 14:49:14 -0500
On Tue, 13 Feb 2001, Luciano Miguel Ferreira Rocha wrote:


If you want to make sure that a partition table does exist before
rebooting a machine, do a fdisk -l. If no partition table is found,
reconstruct it with the information contained in /proc/partitions and
dmesg. (Alas, that information may not be sufficient and /proc file
and fdisk are linux specific, I don't know if they work that way in
other OS.)


i have done that in the past, basically using fdisk to recreate a
partition table. unless you remake the filesystems, you're set. the table
is just that, a small table that simply tells where and how to access the
disk for a 'partition'. worked like a champ on C:\, but due to some off
step partitions D:\ was irrecoverable. (this was Win95, btw.)

should work for ext2 filesystems (in Linux). should also work for SCSI
disks. the trick is getting the exact correct data about the partition
table, including cylinders and such.

____________________________
jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)
Previous By Date Next
Previous By Thread Next

Current thread: