[Novalug] linux fundamentals: partitions

Rich Kulawiec rsk@gsp.org
Mon Mar 9 17:25:41 EDT 2015


On Mon, Mar 09, 2015 at 12:43:02PM -0700, Walt Smith via Novalug wrote:
> It seems to me a created unformatted partition can hold data.  
> So I don't see why even some bin file couldn't be just "dd file"
> directly to the partition ? [...]
> 
> Relatedly, since it's merely data, why could not some data be written
> to some area of the disk even without a partition? 

Yes, you can do this -- because every disk (and disk partition) is a file,
thus you can open it up and read/write from/to it like any another file.

	dd if=/dev/rsd0g bs=20k | od -c | more (BSD-ish)
	dd if=/dev/sda3 bs=20k | od -c | more (Linux-ish)

will read the relevant disk partition in 20K chunks, push it through
od and more and onto your screen.  You can also write, but I wouldn't
advise it unless you're very sure what you're doing, as overrunning
a partition with a real live filesystem in it would be Bad [1].

Back in the day, there used to be some databases which would use raw
disk real estate in this fashion in order to bypass the overhead of
the layers of filesystem code in the OS and thus achieve higher performance.
However, I doubt that's necessary any more: modern filesystems are
very efficient and it's unlikely that the marginal performance win
gained by going around them would be worth the code complexity.

This isn't a particularly useful data hiding technique, as anyone
can use dd to simply read the entire physical disk and thus can scoop
up not only everything that exists in any filesystem (or swap area)
but anything that exists on the disk, period.  I suppose you could
create an otherwise-empty partition, encrypt a file with PGP, and
then dd the file into that partition, where it might appear to just
be random leftover gibberish on the disk.  Not sure that's useful, though.

If you're going to fiddle with this, I'd suggest using a USB stick
or external disk drive to hold the partitions and scripting everything
so that you can't accidentally reference the disk you're running on.

---rsk

[1] Bad, as in:

    Spengler: It would be bad.

    Venkman: I'm fuzzy on the whole good/bad thing. What do you mean, "bad"?

    Spengler: Try to imagine all life as you know it stopping
    	instantaneously and every molecule in your body exploding
	at the speed of light.



More information about the Novalug mailing list