lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 15 Dec 2008 16:09:36 -0800 From: Andrew Morton <akpm@...ux-foundation.org> To: "Duane Griffin" <duaneg@...da.com> Cc: linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org, bharrosh@...asas.com, sct@...hat.com, adilger@....com, linux-ext4@...r.kernel.org Subject: Re: [PATCH, v2] ext3: ensure link targets are NULL-terminated On Fri, 12 Dec 2008 10:19:20 +0000 "Duane Griffin" <duaneg@...da.com> wrote: > 2008/12/12 Duane Griffin <duaneg@...da.com>: > > 2008/12/12 Andrew Morton <akpm@...ux-foundation.org>: > >> Really? The ext2 on-disk format requires that the fast symlink be > >> null-terminated on disk? Even though the length is already in i_size? > >> > >> It seems that's true. How un-ext2-like. > >> > >> ext2 and ext4 need the same fix, yes? > > > > Yes. I've sent them out already, but thanks to a monumental cock-up > > with the CCs they may not have made it to the list. I'll check and > > resend to real addresses if necessary. > > Seems they did make it: > http://marc.info/?l=linux-kernel&m=122903437006575&w=2 > http://marc.info/?l=linux-kernel&m=122903451306859&w=2 > OK, thanks, it seems I was sneakily not cc'ed ;) As Al points out, the code which you implemented is still vulnerable to on-disk corruption: bad values of i_size will cause the kernel to write a zero byte to any address within the entire CPU address range. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists