lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 8 Jul 2009 13:39:51 +0200
From:	Martin Steigerwald <Martin@...htvoll.de>
To:	tridge@...ba.org
Cc:	Jan Engelhardt <jengelh@...ozas.de>,
	OGAWA Hirofumi <hirofumi@...l.parknet.co.jp>,
	Theodore Tso <tytso@....edu>,
	Alan Cox <alan@...rguk.ukuu.org.uk>,
	Rusty Russell <rusty@...tcorp.com.au>,
	Pavel Machek <pavel@....cz>, john.lanza@...ux.com,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	linux-fsdevel@...r.kernel.org,
	Dave Kleikamp <shaggy@...ux.vnet.ibm.com>, corbet@....net,
	jcm@...masters.org, James.Bottomley@...senpartnership.com
Subject: Re: CONFIG_VFAT_FS_DUALNAMES regressions

Am Mittwoch 08 Juli 2009 schrieb tridge@...ba.org:
> Hi Martin,

Hi Tridge,

>  > Have low level filesystem check, repair and cloning tools been
>  > checked against the patch at all?
>
> I have tested chkdsk.exe obvious, and I have reported the bug in
> chkdsk that this testing has found to Microsoft.
>
> I haven't tested tools like ghost or 3rd party tools. I don't actually
> have any of those tools myself, although I guess I could go out and
> buy them. Does anyone on this list have those tools and can let me
> know if they show any problems?

The question before that would be whether anyone has a comprehensive list 
of those tools, cause I think there are quite many. Well at least those 
from bigger vendors should be tested I think. Paragon, Symantec, ...

And has it been tested with Linux tools such as fsck.msdos, fsck.vfat, 
parted and partimage? I think it probably has not much effect on parted and 
partimage, but what about the fscks?

>  > I think the patch actively *corrupts* perfectly fine shortname FAT
>  > filesystems and at least for certain use scenarios even those with
>  > long name support.
>
> The patch only changes the values stored for new files created by
> Linux, so I think it is going a bit far to say it "actively corrupts"
> filesystems.

I do not. A filesystem is intact when all of its metadata is intact. This 
is at least what I believe and what various fsck tools seem to implement. 
Thus even when the patch only changes the values stored for new - or 
rewritten? - files it actively corrupts the meta consistency of the whole 
filesystem. To me it is like inserting a defective inode into a consistent 
Linux filesystem.

> I am looking into the Win9X issued raised by Jan. As I mentioned in my
> mail to him, it seems to work better with some different values in the
> 11 bytes. I'll keep looking at that, although I don't think Win9X
> support is a high priority for anyone any more. After installing Win98
> in a virtual machine I connected it to the windows update service to
> see if there had been updates to the old install images I had, and I
> found it couldn't even connect to windows update, it just throws a
> page full of html errors:
>
>   http://samba.org/tridge/Win98-update.png

I don't believe that Microsoft is still providing updates for Win98. But I 
think Windows 2000 might still be in use - I for example have a Win 2000 
installation on my ThinkPad T23, although I didn't boot it for about a 
year or so. Has it been tested against Windows 2000? I digged for the mail 
where you said something about against which Windows versions you tested, 
but I didn't find it anymore.

I think information regarding test status of the patch should be collected 
in the FAQ.

> When the vendor of an operating system doesn't even bother to display
> a clean "sorry, you don't get updates any more" page for their OS then
> I think it is safe to say that the operating system is dead and
> buried.

It is safe to say much. But still users might not behave according to your 
saying or might even not be able to. A potential customer asked us to 
migrate a Windows 98 installation into a virtual machine, cause the 
software that is running there would not run with any newer version of 
Windows. Sometimes people are locked / forced to a specific Windows (or 
Linux) version at least is they do not want to pay lots of $$$ to replace 
their proprietary special hardware + software combination by something 
which is supported on a newer version of an operating system. And for a 
coincidence I think digital photos have been involved in that use case.

I skip most of the political stuff. I was not my main point to make. It 
has been discussed before. We obviously have different oppinions and thats 
just how it is. No need to cycle around our different view points.

>  > If the Linux kernel would be changed to avoid any software patent
>  > issues I am not sure whether it would even be able to boot
>  > anymore.
>
> That argument can be used with pretty much any software (both
> proprietary and free), not just the Linux kernel.

I think this doesn't render my argument invalid. To me it merely says that 
also other free software projects shall be careful with politically or 
juristically motivated patches. Drastically spoken if everyone decides to 
jump out of the window, why should I follow?

> In the case of the GIF patents the correct answer was a concerted
> effort to switch to a new format. That was a fantastic campaign and
> largely successful.
>
> We don't, as yet, have any equivalent campaign to get behind for these
> VFAT patents. The calls for changing to a different filesystem format
> are great, but they fall down in an even worse way than what I have
> proposed on exactly the same issues. This hypothetical new format
> won't work with cheap MP3 players, won't work with Win9X, and almost
> certainly won't work with existing Windows boxes (yes, I know about
> UDF, but if you actually try it you'll see it isn't the panacea some
> have claimed). So in what way is it a solution, even if the new format
> existed?

Its challening, agreed. Especially as for it to be truly multi-plattform 
Linux developers, Apple, Microsoft and little device makers would have to 
agree on it. Or it needs to be a free software product that can be 
installed on any OS really easily. Then you could have a small fat16 
partition with a *.exe file and a MacOS X dmg to click on in order to 
install the driver for the real new inter-exchange filesystem. But what 
about device makers. And what about existing devices? I think it can only 
be a slow migration.

> If you can propose a truly workable alternative then I would be
> delighted to never have to think about FAT filesystems again in my
> life.

I did not meant any personal offence. So no need to justify yourself for 
what you do. You are just trying to find a workaround for the issue. And I 
am pretty sure you believe in what you do to be a viable workaround. I am 
not intending to shoot the messenger of a possible workaround. I am just 
not a fan of a patch like yours being in vanilla and thats about it ;).

Ciao,
-- 
Martin 'Helios' Steigerwald - http://www.Lichtvoll.de
GPG: 03B0 0D6C 0040 0710 4AFA  B82F 991B EAAC A599 84C7


Download attachment "signature.asc " of type "application/pgp-signature" (198 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ