> So what happens next? Is the ext3 maintainer on sabatical,
> or am I expected to submit a patch to fix this?
I guess people are mostly busy with OLS and such so maybe they missed
the discussion.. Giving CC to relevant people to catch their attention
:)
Andrew, Stephen: James has come across a nasty bug (potentially remote
DoS). NFS extracts inode number from a filehandle and the inode number
eventually ends in ext3_read_inode(). Now if the inode number is bogus,
ext3_get_inode_block() calls ext3_error() and filesystem is remounted
RO or whatever else is configured. That is quite undesirable in this
case.
Now the easy "fix" is to change ext3_error() to ext3_warning() but an
attacker flooding your logs with warnings is probably not good either
and in case the inode number comes from ext3 itself we should really do
ext3_error() as there is some corruption in the fs.
Better fix would be to add a flag to read_inode() saying that the inode
number is from untrusted source (but that means changing a prototype of a
function every fs uses) and change export_iget() to pass this flag. Yet
another solution would be to make ext3 implement its own get_dentry() export
function and pass the flag internally...
What do you think is the best solution?
Honza
--
Jan Kara <[email protected]>
SuSE CR Labs
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
