lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 30 Mar 2009 10:12:41 -0500
From:	Eric Sandeen <sandeen@...hat.com>
To:	"Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com>
CC:	Jan Kara <jack@...e.cz>, linux-ext4@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [PATCH] ext3: Avoid false EIO errors

Aneesh Kumar K.V wrote:
> On Mon, Mar 30, 2009 at 08:53:42AM -0500, Eric Sandeen wrote:
>> Aneesh Kumar K.V wrote:
>>
>>> We do a vmtruncate if we failed to allocate blocks in
>>> ext3_write_begin. That is done after the closing the current
>>> transaction. If we crash in between (ie, after committing the
>>> transaction allocating blocks and before committing the transaction that
>>> is doing truncate) we would only have  some data blocks leaking. But
>>> that would be better than user seeing zero's in the file ?. Also if we
>>> happen to add the inode to the orphan list and crash, the recovery would
>>> truncate it properly. So by doing a vmtruncate I guess the window would be
>>> small and we are already doing that in ext3_write_begin.
>> I don't agree that leaking data blocks is better than exposing zeros...
>> the former is a security flaw, the latter a (significant) annoyance.
>>
> 
> Even when we fail to track few data blocks we do zero them using 
> page_zero_new_buffers. So it should not imply a security flaw. I guess
> if we crash failing to commit the truncate fsck will look at the bitmap
> and find the blocks which are not tracked by any inode and will mark them
> free.

Oh, perhaps I misunderstood.  I thought you meant leaking data in
uninitialized blocks, but you meant losing track of those blocks'
allocation, I guess.  Sorry for the confusion...

-Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ