From: Eric Sandeen <sandeen@sandeen.net>
To: 7eggert@gmx.de
Cc: linux-kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>
Subject: Re: [PATCH V2] limit minixfs printks on corrupted dir i_size, CVE-2006-6058
Date: Thu, 09 Aug 2007 17:08:05 -0500 [thread overview]
Message-ID: <46BB9045.6020107@sandeen.net> (raw)
In-Reply-To: <E1IJFr4-0000is-Ox@be1.lrz>
Bodo Eggert wrote:
> Warning: I'm only looking at the patch.
>
> You are supposed to print an error message for a user, not to write in a
> chat window to a 1337 script kiddie. OK, you just matched the current style,
> and your patch is IMHO OK for a quick security fix, but:
>
> - Security fixes should be CCed to the security mailing list, shouldn't they?
> (It might be security@ or stable@, I'll remember tomorrow, but then I'd
> forget to comment)
ok.
> - Imagine you have three mounts containing a minix fs, how can you tell which
> one is the the defective one?
good point.
> - The message says "minix_bmap", while the patch suggests it's in
> block_to_path. Therefore I asume "minix_bmap" to have only random
> informational value.
Yup, you're right.
> - Does block < 0 or block > $size make a difference?
well, block > size is likely to arrive from a corrupt i_size, and the
insistence upon going ahead and checking the next page after
encountering an error on the last one... I don't have any scenario in
mind where we'd be repeatedly trying to check blocks < 0.
> - the printk lacks the loglevel.
As do all other printk's in minixfs... (hm and 11,619 other printk's in
the kernel :) )
> - Asuming minix supports error handling, shouldn't it do something?
>
> I'd suggest a message saying something like "minix: Bad block address on
> device 08:15, needs fsck".
Fair enough, as you said I was just fixing up the issue, not rewriting
the code around it. But yes, I should probably have considered at least
a better message here. I can fix this up & resend. But I'm not
promising to audit all other printk's in minixfs this time around. ;-)
-Eric
next prev parent reply other threads:[~2007-08-09 22:08 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <8Qlff-3jX-29@gated-at.bofh.it>
[not found] ` <8Qn7m-6li-27@gated-at.bofh.it>
2007-08-09 21:47 ` [PATCH V2] limit minixfs printks on corrupted dir i_size, CVE-2006-6058 Bodo Eggert
2007-08-09 21:47 ` Bodo Eggert
2007-08-09 22:08 ` Eric Sandeen [this message]
2007-08-13 17:54 ` [PATCH V3] " Eric Sandeen
2007-08-15 11:51 ` Bodo Eggert
2007-08-15 14:59 ` Eric Sandeen
2007-08-09 18:46 [PATCH] limit minixfs dir_pages " Eric Sandeen
2007-08-09 20:40 ` [PATCH V2] limit minixfs printks " Eric Sandeen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=46BB9045.6020107@sandeen.net \
--to=sandeen@sandeen.net \
--cc=7eggert@gmx.de \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.