lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 25 Dec 2019 20:38:07 +0100
From:   Florian Weimer <fw@...eb.enyo.de>
To:     "Theodore Y. Ts'o" <tytso@....edu>
Cc:     Rich Felker <dalias@...c.org>, linux-fsdevel@...r.kernel.org,
        musl@...ts.openwall.com, linux-kernel@...r.kernel.org,
        linux-nfs@...r.kernel.org, linux-cifs@...r.kernel.org
Subject: Re: [musl] getdents64 lost direntries with SMB/NFS and buffer size < unknown threshold

* Theodore Y. Ts'o:

> On Wed, Nov 20, 2019 at 03:59:13PM -0500, Rich Felker wrote:
>> 
>> POSIX only allows both behaviors (showing or not showing) the entry
>> that was deleted. It does not allow deletion of one entry to cause
>> other entries not to be seen.
>
> Agreed, but POSIX requires this of *readdir*.  POSIX says nothing
> about getdents64(2), which is Linux's internal implementation which is
> exposed to a libc.

Sure, but Linux better provides some reasonable foundation for a libc.

I mean, sure, we can read the entire directory into RAM on the first
readdir, and get a fully conforming implementation this way (and as
Rich noted, glibc's 32 KiB buffer tends to approximate that in
practice).  But that doesn't strike me as particularly useful.

The POSIX requirement is really unfortunate because it leads to
incorrect implementations of rm -rf which would on a compliant system
and fail in practice.

> So we would need to see what is exactly going on at the interfaces
> between the VFS and libc, the nfs client code and the VFS, the nfs
> client code and the nfs server, and possibly the behavior of the nfs
> server.
>
> First of all.... you can't reproduce this on anything other than with
> NFS, correct?  That is, does it show up if you are using ext4, xfs,
> btrfs, etc.?

I'm sure it shows up with certain directory contents on any Linux file
system except for those that happen to have a separate B-tree (or
equivalent) for telldir/seekdir support.  And even those will have
broken corner case in case of billions of directory operations.

32 bits are simply not enough storage space for the cookie.  Hashing
just masks the presence of these bugs, but does not eliminate them
completely.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ