lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20180630130429.GA26529@thunk.org>
Date:   Sat, 30 Jun 2018 09:04:29 -0400
From:   "Theodore Y. Ts'o" <tytso@....edu>
To:     "Gaoming (ming, consumer BG)" <gaoming20@...wei.com>
Cc:     "linux-ext4@...r.kernel.org" <linux-ext4@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "Liqingchao (sorp)" <sorp.liqingchao@...wei.com>,
        "Shenchen (harry)" <harry.shen@...wei.com>,
        "miaoxie (A)" <miaoxie@...wei.com>,
        "yangfei (D)" <yangfei39@...wei.com>,
        "Renlipeng (OS driver)" <renlipeng@...wei.com>
Subject: Re: 答复: 答复: 答复: 答复: [PATCH] ext4: e2fsprogs: fix inode bitmap num not integer,incompatible for ancient
 android devices

On Sat, Jun 30, 2018 at 01:26:43AM +0000, Gaoming (ming, consumer BG) wrote:
> Yes, it is caused by using 1024 blocksize.
> It is historical problem, and I have to admit that's not good idea.  I don't know why somebody choose it some years before. 
> It has been corrected two years before or more early. But some ancient devices exist. 
> It is not user data, no need to do file-based encryption. It is a small partition for some use.
> 
> However, 1024 is legal though not good, somebody may use it. 
> And we should fix it.

So you understand my position --- the reason why I've been pushing so
hard is I'm trying to figure out how big of a problem this is.
Specifically speaking, is this a Huawei-specific problem, or something
across the entire Android ecosystem.  I *thought* I had fixed most of
the disaster back in 2011.  There have periodic headaches where
testers would discover problems where android handsets get bricked
after doing a factory reset that I had tracked down to make_ext4fs,
and the existence of make_ext4fs is not something I agreed to, and
have been fighting for years.  So I've been cleaning up after
make_ext4fs for a while, even though it's not my responsiblity.  (For
one thing my work responsibilities are for data center servers at
Google, *not* Android; for another, no one asked *me* before they came
up with the abomination which is make_ext4fs.)

So I don't feel particularly, or personally, responsible for bugs
caused by make_ext4fs, because if it had been up to me, it would have
never existed in the first place.

If it's only in ancient Huawei devices, I don't see a strong reason to
support his in upstream e2fsprogs.  Are you really going to be
backporting the latest e2fsprogs into these ancient Huawei devices?
In my experience, the Android team has a hard enough time getting
their Android partners to backport kernel fixes for severe security
bugs into old Android devices --- never mind versions of e2fsprogs.

If not, what's the point?

Regards,

						- Ted

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ