Date:	Thu, 24 Jan 2013 15:32:30 -0500
From:	Theodore Ts'o <tytso@....edu>
To:	Phillip Susi <psusi@...ntu.com>
Cc:	linux-ext4@...r.kernel.org
Subject: Re: [PATCH] e2fslibs: fix llseek on i386

On Thu, Jan 24, 2013 at 03:22:37PM -0500, Phillip Susi wrote:
> 
> On 1/24/2013 2:51 PM, Theodore Ts'o wrote:
> > How did you find this?  I've done a quick search for SEEK_CUR, and
> > it looks like the only place where this could cause a problem is with
> > e2image.  And a quick test of an i386 version of e2image with a
> > large file system is that it does indeed blow up with an
> > "Inappropriate ioctl for device" error.
> 
> That's where I found it, but the error should be "seek: Value too
> large for defined data type"

Well, I did my testing using an i386 debian/testing chroot running
under an x86-64 3.8.0-rc3 kernel.  I'm guessing it was the use of a
32-bit userspace / 64-bit kernel that probably explains the
difference.

> > Are there any other potential problems that are caused by this bug?
> > I like to explain the impacts of bug fixes in libext2fs for folks
> > who are doing bug fix / code archeology.
> 
> If e2image is the only internal user of the call with SEEK_CUR, then I
> guess it only affects any external users of the library who were doing
> this (I am not aware of any).

Well, there are some binaries that aren't usually built by most
distributions (make-sparse and copy-sparse), but in terms of primary
e2fsprogs programs (mke2fs, e2fsck, tune2fs, chattr, lsattr, etc.)
nope, none of them use SEEK_CUR.

The lib/ext2fs/fileio.c file does use SEEK_CUR, which means it might
impact 3rd party packages such as e2tools and ext2fuse (although
that's generally only used on Mac and Windows systems).

Cheers,

					- Ted