Re: Revised Question About Security ...

[Hans Reiser <reiser@namesys.com>]

Ripin Natani wrote:

>Hi, 
>    Regarding the question about security, What I really want is :
>1.  Are there any current security issues in reiserfs ?
>
No.

>2. Is there a listing or history of security issues that I can access and
>review?  Can you point me to them ?
>
We had one bug quite some time ago.  The guy who found it was of the "I 
want to shout my name rather than quietly tell the vendor variety" that 
so afflicts our industry.  It was fixed at the speed we fix all bugs 
(maybe sameday, maybe as much as 3 days, I forget now).  There was some 
discussion about whether it was really a security bug which I no longer 
remember.

Of course you should remember that lots of ordinary bugs can be 
considered security bugs if you look at them carefully.   This was the 
only one that was identified by the reporter as a security bug.

ReiserFS in general is committed to having a zero defect product, and to 
fixing 97%+ of reproducible bugs in 3 days or less.  The <3% usually 
consist of bugs that are hard to reproduce often enough to debug 
effectively.  Deep bugs requiring large amounts of code are fortunately 
very very rare.

>3. In your knowledge, how would reiserfs be less or more secure than say, ext2 ?
>
Ignoring release management issues, it would be the same, at least until 
V4 comes out.  For details on v4, read www.namesys.com/v4/v4.html.  In 
regards to release management, one perhaps significant advantage we 
might have is that ReiserFS V3 is changing less because we are all 
working on V4, and we don't allow people other than Chris (who is 
outside my management sphere) to submit patches that have not been read 
and tested  by two persons.

We are now able to go for months without a valid bug reported.

>
>Thanks,
>-Ripin.
>
>
>  
>


-- 
Hans