| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 3 Jan 2013 12:16:35 -0500 From: Theodore Ts'o <tytso@....edu> To: Eric Sandeen <sandeen@...hat.com> Cc: Ext4 Developers List <linux-ext4@...r.kernel.org> Subject: Re: [PATCH 1/4] resize2fs: fix 32-bit overflow issue which can corrupt 64-bit file systems On Thu, Jan 03, 2013 at 09:56:51AM -0600, Eric Sandeen wrote: > > Yikes - seems like there are quite a few places where we need to > audit this kind of thing Fortunately a bunch of these only apply for 32-bit resizing (i..e, involving the resize_inode or the 32-bit resize iocl). The goal_blk calculations just mean that we will be using a non-optimal block number, which we should fix, but it's not catastrophic. The check_block_uninit() function in lib/ext2fs/alloc.c could defintely cause a problem if someone were to use the library to write into a 64-bit file system via FUSE, e2tools, or debugfs, but it's unlikely to cause a problem for mke2fs or e2fsck. (It could potentially cause a problem if e2fsck needed to freshly allocate some new blocks for e.g., a missing lost+found directory, or during pass1b processing and it allocates for the first time into an block group with BLOCK_UNINIT, but it's not a high probability bug.) Regardless of how likely they are, I agree absolutely that we should audit and fix all of these problems. - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists