lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <17609.23449.706093.915863@cse.unsw.edu.au>
Date:	Fri, 28 Jul 2006 10:34:33 +1000
From:	Neil Brown <neilb@...e.de>
To:	Christoph Hellwig <hch@...radead.org>
Cc:	Eric Sandeen <sandeen@...deen.net>, Andrew Morton <akpm@...l.org>,
	Theodore Tso <tytso@....edu>, jack@...e.cz, 20@...ingley.org,
	marcel@...tmann.org, linux-kernel@...r.kernel.org, sct@...hat.com,
	adilger@...sterfs.com
Subject: Re: Bad ext3/nfs DoS bug

On Thursday July 27, hch@...radead.org wrote:
> On Thu, Jul 27, 2006 at 01:32:43PM -0500, Eric Sandeen wrote:
> > Neil Brown wrote:
> > >I'll do it differently in a day or so.
> > 
> > Would moving export_iget into fs/inode.c & exporting it from there be a 
> > reasonable way to go?  At least ext2 & ext3 both have this need (prevent 
> > nfs access to special inodes) so putting the bulk of what they need for 
> > get_dentry (i.e. export_iget) somewhere common seems like a decent 
> > option to me.
> 
> Nope.  The right fix is to not make ext2/3 rely on export_iget at all. Please
> implement the proper export_operations instead, similar to e.g. xfs. 
> 
> export_iget is a horrible layering violation that needs to go away long-term,
> not move into core code.

Agreed.
I've just submitted revised patches.  They effectively open-code
export_iget in a local implemention of the get_dentry
export_operation.

This should give the problem with no unpleasant exports or layering
issues. 

NeilBrown
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ