lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <bug-218648-13602-n7LY5ZJJYn@https.bugzilla.kernel.org/>
Date: Thu, 28 Mar 2024 14:55:22 +0000
From: bugzilla-daemon@...nel.org
To: linux-ext4@...r.kernel.org
Subject: [Bug 218648] ext4: previously opened file remains writeable on
 readonly ext4 filesystem; Data loss.

https://bugzilla.kernel.org/show_bug.cgi?id=218648

Theodore Tso (tytso@....edu) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tytso@....edu

--- Comment #1 from Theodore Tso (tytso@....edu) ---
Normally, if there is a file opened for writing when there is an attempt to
remount a file system read-only via a command, e.g., "mount -o remount,ro
/dev/sdc", the remount with fail with EBUSY.

The problem is what should we do if the block device has failed or otherwise
disappeared.   In that situation, we can either do absolutely nothing
("errors=continue"), panic and halt the system ("errors=panic"), or remount the
file-system ("errors=remount-ro").  However, what should be done if there is a
file descriptor open for writing?

1) We could fail the remount, which would mean that the file system would
continue to be mounted read/write, which would cause the behavior to devolve to
"errors=continue".

2) We could force the file system to be read-only, but any file descriptors
that are still would be still open --- but attempts to write to the file will
fail with EIO.

We've chosen because it's the best we can do.  We can refuse a remount
read-only if it is initiated by the system administrator, if a user yanks the
USB thumb drive out of the laptop, or a terrorist slams a plain into the
machine room at the Pentagon, it's not like the kernel can stop something like
that from happening.   ("I'm sorry Hal, I'm afraid I can't allow you to do that
ala the movie "2001: A Spacey Odessey" is not yet a thing; although maybe
sometime soon our AI Overlords will have that power.  :-)

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are watching the assignee of the bug.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ