Message-Id: <20081215160936.7b70bec9.akpm@linux-foundation.org>
Date:	Mon, 15 Dec 2008 16:09:36 -0800
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	"Duane Griffin" <duaneg@...da.com>
Cc:	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
	bharrosh@...asas.com, sct@...hat.com, adilger@....com,
	linux-ext4@...r.kernel.org
Subject: Re: [PATCH, v2] ext3: ensure link targets are NULL-terminated

On Fri, 12 Dec 2008 10:19:20 +0000
"Duane Griffin" <duaneg@...da.com> wrote:

> 2008/12/12 Duane Griffin <duaneg@...da.com>:
> > 2008/12/12 Andrew Morton <akpm@...ux-foundation.org>:
> >> Really?  The ext2 on-disk format requires that the fast symlink be
> >> null-terminated on disk?  Even though the length is already in i_size?
> >>
> >> It seems that's true.  How un-ext2-like.
> >>
> >> ext2 and ext4 need the same fix, yes?
> >
> > Yes. I've sent them out already, but thanks to a monumental cock-up
> > with the CCs they may not have made it to the list. I'll check and
> > resend to real addresses if necessary.
> 
> Seems they did make it:
> http://marc.info/?l=linux-kernel&m=122903437006575&w=2
> http://marc.info/?l=linux-kernel&m=122903451306859&w=2
> 

OK, thanks, it seems I was sneakily not cc'ed ;)

As Al points out, the code which you implemented is still vulnerable to
on-disk corruption: bad values of i_size will cause the kernel to write
a zero byte to any address within the entire CPU address range.
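
The bounds problem raised above, as an added user-space example that is not part of the original message or of the kernel patch. `model_inode`, `make_inode`, `terminate_link_bounded`, `fast_symlink_size_ok` and the 60-byte inline size are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: 60 bytes of inline storage, modelled on ext3's 15 x 32-bit i_data. */
#define INLINE_BYTES 60

struct model_inode {                 /* hypothetical user-space stand-in */
    uint64_t i_size;                 /* length field as read from disk: untrusted */
    char     i_data[INLINE_BYTES];   /* inline ("fast") symlink target: untrusted */
    char     canary[8];              /* stands in for whatever memory follows */
};

/* Build a constructed inode: 'A'-filled target with no NUL, caller-chosen size. */
static struct model_inode make_inode(uint64_t size)
{
    struct model_inode ino;
    ino.i_size = size;
    memset(ino.i_data, 'A', sizeof(ino.i_data));
    memcpy(ino.canary, "CANARY!", 8);
    return ino;
}

/* The pattern the message warns about is i_data[i_size] = '\0' with i_size
 * taken from disk unchecked. Bounded form: clamp to the last inline byte. */
static size_t terminate_link_bounded(struct model_inode *ino)
{
    size_t max = sizeof(ino->i_data) - 1;
    size_t off = ino->i_size < max ? (size_t)ino->i_size : max;
    ino->i_data[off] = '\0';
    return off;
}

/* Stricter option: report an impossible length as corruption instead of clamping. */
static int fast_symlink_size_ok(const struct model_inode *ino)
{
    return ino->i_size < sizeof(ino->i_data);
}

int main(void)
{
    struct model_inode bad = make_inode(0xffff0000u);   /* constructed corrupt size */
    size_t off = terminate_link_bounded(&bad);
    printf("NUL written at %zu, size_ok=%d, canary=%s\n",
           off, fast_symlink_size_ok(&bad), bad.canary);
    return 0;
}
```

Clamping keeps the write inside the inline buffer even when the length field is garbage; the size check lets a caller reject the inode outright instead.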
