lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAJFSNy62erBHU6vr2ubO0BXLjCK=xOVJWaq+C=X6PYuHTWoNjg@mail.gmail.com>
Date:   Sat, 19 Nov 2016 01:25:58 +0200
From:   Nikolay Borisov <kernel@...p.com>
To:     "Theodore Ts'o" <tytso@....edu>
Cc:     Nikolay Borisov <kernel@...p.com>,
        Ext4 Developers List <linux-ext4@...r.kernel.org>,
        Borislav Petkov <bp@...en8.de>, stable@...r.kernel.org
Subject: Re: [PATCH 1/3] ext4: sanity check the block and cluster size at
 mount time

On Fri, Nov 18, 2016 at 7:58 PM, Theodore Ts'o <tytso@....edu> wrote:
> On Fri, Nov 18, 2016 at 09:40:02AM +0200, Nikolay Borisov wrote:
>>
>>
>> On 11/18/2016 06:26 AM, Theodore Ts'o wrote:
>> > If the block size or cluster size is insane, reject the mount.  This
>> > is important for security reasons (although we shouldn't be just
>> > depending on this check).
>> >
>> > Ref: http://www.securityfocus.com/archive/1/539661
>> > Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1332506
>> > Reported-by: Borislav Petkov <bp@...en8.de>
>> > Reported-by: Nikolay Borisov <kernel@...p.com>
>> > Signed-off-by: Theodore Ts'o <tytso@....edu>
>> > Cc: stable@...r.kernel.org
>>
>> I just tested with the 3 patches applied on 4.9-rc4 and could still
>> reproduce the issue.
>
> I've just tested the dev branch on both x86 and x86_64 and it doesn't reproduce for me;

As per my original email in reporting this issue - there was someone
whose 4.9-rc4 kernel + some tip/ stuff, I believe, wasn't crashing.
And the error message printed by mount was the same as yours. What I
suspect is happening is that some other patch in ext4 is catching
earlier invalid data and aborts the mount before we can crash due to
the issue at hand.

>
> root@...tests:~# mount -o ro,loop /tmp/OSS-2016-23-image  /mnt
> mount: wrong fs type, bad option, bad superblock on /dev/loop0,
>        missing codepage or helper program, or other error
>
>        In some cases useful info is found in syslog - try
>        dmesg | tail or so.
> root@...tests:~# dmesg | tail -3
> [  910.472554] EXT4-fs (loop0): Unrecognized mount option "" or missing value
> [  910.479708] EXT4-fs (loop0): failed to parse options in superblock:
> [  910.486279] EXT4-fs (loop0): Invalid log block size: 4286906368
> root@...tests:~#
>
> The critical patch should be:
>
>     ext4: sanity check the block and cluster size at mount time
>
> Can you double check your test?

I will. And as I said i'm testing 4.9-rc4 from Linus' tree with only
those patches applied.


>
> Thanks,
>
>                                                 - Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ