lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 24 Feb 2010 10:11:03 -0500
From:	tytso@....edu
To:	Andreas Dilger <adilger@....com>
Cc:	Ext4 Developers List <linux-ext4@...r.kernel.org>
Subject: Re: [PATCH] e2fsck: Fix bug which can cause e2fsck -fD to corrupt
 non-indexed directories

On Wed, Feb 24, 2010 at 01:25:16AM -0700, Andreas Dilger wrote:
> Do you have a regression test for this case?  e2fsck itself will
> detect the corruption ("." and ".." not at the start of the
> directory) after the fact, but I guess it means that there are no
> existing tests where there is a directory entry that sorts before
> "." or it would have been noticed earlier.

Yes, I'll add a regression test; binary files just don't work well in
patch sets, so I tend to put those in separate commits, for ease in
cherry picking.  Basically it's just a 100k ext2 filesystem with a
directory which happens to contain a name that begins with a open
parenthesis, i.e., "(oops)".

> Have you pulled this release from Sourceforge and any downstream
> releases already (Debian, FC, etc)?  It seems like a pretty serious
> problem, even though "-fD" is likely not run very often.

I was just going to accelerate getting 1.41.11 out the door, as
opposed to going to the effort of trying to deprecate 1.41.10.  In the
case of Debian, and Ubuntu, it's too late already since 1.41.10 has
already propagated out to bleeding-edge users.  So the only way to
pull it back would be to get a new release out the door, quickly...

I guess I can easily enough pull it from kernel.org and make
1.41.9 the default release to download on sourceforge.net.

       	   	   	      	       	  - Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ