lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <473bad0c-9e38-4f8b-9939-c70c52890cd2@case.edu>
Date: Wed, 30 Apr 2025 11:09:44 -0400
From: Chet Ramey <chet.ramey@...e.edu>
To: Jeffrey E Altman <jaltman@...istor.com>,
        David Howells <dhowells@...hat.com>,
        Alexander Viro
 <viro@...iv.linux.org.uk>,
        Christian Brauner <brauner@...nel.org>
Cc: chet.ramey@...e.edu, Etienne Champetier <champetier.etienne@...il.com>,
        Marc Dionne <marc.dionne@...istor.com>,
        Steve French <sfrench@...ba.org>, linux-afs@...ts.infradead.org,
        openafs-devel@...nafs.org, linux-cifs@...r.kernel.org,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] afs, bash: Fix open(O_CREAT) on an extant AFS file in a
 sticky dir

On 4/29/25 1:35 PM, Jeffrey E Altman wrote:

> I think its worth clarifying the purpose of this fallback logic and why it 
> exists.  The fallback
> logic was added to bash 1.14.7 as part of the introduction of support for 
> IBM/Transarc AFS 3.4.

The chronology is wrong. The workaround came in in January, 1992, when
bash-1.11 was current and IBM released AFS 3.1. (The bug was actually
encountered with bash-1.08.)

The old code, without the workaround, caused widespread mail delivery
failures at CMU, who reported the problem to me and (they claimed at the
time) IBM, and provided the patch.


> It was noted that sometimes EEXIST would be returned from open(filename, 
> flags | O_CREAT)
> but would succeed if open(filename, flags & ~O_CREAT) was called.  There is 
> no evidence that
> the AFS developers were aware of the problem.

Well, except for CMU's report.

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
		 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    chet@...e.edu    http://tiswww.cwru.edu/~chet/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ