| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Jun 2009 18:46:42 -0400 From: Theodore Tso <tytso@....edu> To: number9652 <number9652@...oo.com> Cc: Eric Sandeen <sandeen@...hat.com>, ext4 development <linux-ext4@...r.kernel.org> Subject: Re: [PATCH] libext2fs: write only core inode in update_path() On Wed, Jun 17, 2009 at 02:32:18PM -0700, number9652 wrote: > I was too general in my statement above about what it broke. I think (didn't test) if a program follows this path: > extent_open(...,*handle) > write_inode_full(...,handle->inode,...) > that it will read uninitialized memory in write_inode_full. It >seems clear that all previously written code assumes that this path >is valid, and fixing all that to not assume that would seemingly be >much more than just what your patch fixes and require more time to >test. If you only use read/write_inode_full, everything is still >okay. Um, but that can't happen; the ext2_extent_handle_t type is an opaque type. So outside of code in lib/ext2fs/extent.c, no one else can see the inode in the ext2_handle_t. The safest thing to do is to simply make the extent code only use ext2_write_inode and ext2_read_inode. Otherwise, we have to worry about a user passing in the smaller 128-byte inode form. The extent code doesn't need any of the extended inode fields, so this is completely safe. - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists