| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 1 Jul 2009 20:50:01 +1000
From: tridge@...ba.org
To: Pavel Machek <pavel@....cz>
Cc: OGAWA Hirofumi <hirofumi@...l.parknet.co.jp>, john.lanza@...ux.com,
linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
Dave Kleikamp <shaggy@...ux.vnet.ibm.com>,
Steve French <sfrench@...ibm.com>,
Mingming Cao <cmm@...ibm.com>,
Paul McKenney <paulmck@...ux.vnet.ibm.com>
Subject: Re: [PATCH] Added CONFIG_VFAT_FS_DUALNAMES option
Hi Pavel,
> Defaults should be back-compatible.
I would usually agree, but I think we have an unusual situation here,
in some ways similar to a demonstrated security hole. The previous
behaviour exposed a lot of Linux vendors to the possibility of an
expensive legal fight.
If we had some way to be completely backwards compatible while
avoiding the legal issues then of course we should take that. I tried
hard to find a varient that achieved that, but the best I could manage
was what I have posted. It may be that someone else can find a better
varient that avoids the legal issues while remaining fully backward
compatible.
> Users considering disabling this should understand that filesystem
> they write to will not be valid vfat filesystems, and may trigger bugs
> in some devices.
If we find any devices that exhibit any problems with this patch while
it is in linux-next (and maybe linux-mm?) then this warning would
indeed be appropriate. It no such devices are known then I think the
warning is going a bit far.
Do you have a specific device in mind with regard to this warning?
> What happens on collision? With 60000 entries in directory, there will
> be 50% chance of collision. BAD.
Why do you say it is bad? You need to remember that those 11 bytes
cannot be used as a filename, so it isn't a filename collision. As I
mentioned in the reply to Eric's question, a quite good choice is to
use 11 spaces for every file, and that only falls down because
WindowsXP has a bug that causes that varient to bluescreen.
The only risks with collisions that I am aware of are:
- there is a very small chance (much, _much_ less than 50% with 60k
files) of WindowsXP bluescreening. I've never in fact managed to
reproduce this with the current patch, despite many days of
continuous randomised testing. The reason the probability is much
smaller than 50% at 60k is that it doesn't bluescreen just because
there is a duplicate 8.3 entry - it bluescreens with a particular
access pattern that involves 2 entries with the same 11 bytes,
that access pattern is very hard to produce.
- chkdsk.exe will complain about duplicates, and will rename one of
the two files. That is a 50% chance of 1 file being renamed for a
single directory containing 60k files. Given it isn't all that
common to run chkdsk on removable media that is shared between
Linux and Windows, I thought that this is not a terribly large
concern.
> Why not use something like position in directory instead of random
> number?
We did of course consider that, and the changes to the patch to
implement collision avoidance are relatively simple. We didn't do it
as it would weaken the legal basis behind the patch. I'll leave it to
John Lanza (the LF patent attorney) to expand on that if you want more
information.
Cheers, Tridge
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists