lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <871uklp5j7.fsf@devron.myhome.or.jp>
Date:	Mon, 09 Jul 2012 19:55:56 +0900
From:	OGAWA Hirofumi <hirofumi@...l.parknet.co.jp>
To:	Namjae Jeon <linkinjeon@...il.com>
Cc:	akpm@...ux-foundation.org, linux-kernel@...r.kernel.org,
	Ravishankar N <cyberax82@...il.com>,
	Amit Sahrawat <amit.sahrawat83@...il.com>
Subject: Re: [PATCH] fat: Support fallocate on fat.

Namjae Jeon <linkinjeon@...il.com> writes:

>>> +	/*
>>> +	 * calculate i_blocks and mmu_private from the actual number of
>>> +	 * allocated clusters instead of doing it from file size.This ensures
>>> +	 * that the preallocated disk space using FALLOC_FL_KEEP_SIZE is
>>> +	 * persistent across remounts and writes go into the allocated
>>> clusters.
>>> +	 */
>>> +	fat_calc_dir_size(inode);
>>
>> Looks like the wrong. If you didn't initialize preallocated space, the
>> data never be exposed to userland. It is security bug.
> As explained above, if we do append write instead of seeking into a
> random offset, there is no security risk.

So it means? - if we didn't, there is.

> The main disadvantage with initializing the preallocated space (as is
> done in case of without FALLOC_FL_KEEP_SIZE ) is it takes long time
> for bigger allocation sizes. It took ~70 seconds to preallocate 2GB on
> our target if FALLOC_FL_KEEP_SIZE is not set.

It doesn't become the reason to expose uninitialized data.

Thanks.
-- 
OGAWA Hirofumi <hirofumi@...l.parknet.co.jp>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ