lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130207205335.GA28084@thunk.org>
Date:	Thu, 7 Feb 2013 15:53:35 -0500
From:	Theodore Ts'o <tytso@....edu>
To:	Martin Wilck <martin.wilck@...fujitsu.com>
Cc:	linux-ext4@...r.kernel.org
Subject: Re: GRUB and the risk of block list corruption in extX

On Thu, Feb 07, 2013 at 11:18:30AM +0100, Martin Wilck wrote:
> Hello,
> 
> you may have seen the following warning that is displayed when
> someone tries to install GRUB2 on in a extX partition:
> 
>   "/sbin/grub-setup: warn: Embedding is not possible. GRUB can only be
>   installed in this setup by using blocklists. However, blocklists are
>   UNRELIABLE and their use is discouraged."

This only happens if grub2 can't install itself in the space between
the MBR and the beginning of the first partition.  So in practice,
most people won't see this unless they install the root partition on
the whole disk, or perhaps for disks with GUUID partition tables.

I think the grub2 developers are being far too paranoid.  In practice,
ext4 doesn't move blocks around.  If you create a file and then mark
the it as immutable, it should be pretty much safe.  Yes, if you do an
off-line shrink (or in some vary rare cases, an off-line resize2fs
expand operation) it's possible that the file blocks might get moved,
but that's a pretty rare case.

There are some folks who are proposing that we use a bootloader inode:

#define EXT2_BOOT_LOADER_INO  5	       /* Boot loader inode */

for grub's benefit.  It doesn't really make things any safer from a
block relocation perspective, but maybe since it's "official", maybe
it would make the grub2 developers feel better.  But it's not
something that has been terribly high priority, since it's basically
more of a security blanket for the grub2 developers more than anything
else....

						- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists