From: "Vladimir V. Saveliev" <vs@namesys.botik.ru>
To: Chris Mason <mason@suse.com>
Cc: Marc Lehmann <pcg@goof.com>,
reiserfs-list@namesys.com, linux-kernel@vger.kernel.org
Subject: Re: [reiserfs-list] major security bug in reiserfs (may affect SuSELinux)
Date: Wed, 10 Jan 2001 19:29:27 +0300 [thread overview]
Message-ID: <3A5C8DE7.C9237D88@namesys.botik.ru> (raw)
In-Reply-To: <205320000.979142950@tiny>
Chris Mason wrote:
> On Wednesday, January 10, 2001 07:02:08 PM +0300 "Vladimir V. Saveliev"
> <vs@namesys.botik.ru> wrote:
>
> > Hi
> >
> > Chris Mason wrote:
> >
> >> On Wednesday, January 10, 2001 02:32:09 AM +0100 Marc Lehmann
> >> <pcg@goof.com> wrote:
> >>
> >> >>> EIP; c013f911 <filldir+20b/221> <=====
> >> > Trace; c013f706 <filldir+0/221>
> >> > Trace; c0136e01 <reiserfs_getblk+2a/16d>
> >>
> >> The buffer reiserfs is sending to filldir is big enough for
> >> the huge file name, so I think the real fix should be done in VFSland.
> >>
> >> But, in the interest of providing a quick, obviously correct fix, this
> >> reiserfs only patch will refuse to create file names larger
> >> than 255 chars, and skip over any directory entries larger than
> >> 255 chars.
> >>
> >
> > Hmm, wouldn't it make existing long named files unreachable?
> >
>
> Yes, that was intentional. We can make a different version of the patch
> that changes reiserfs_find_entry to allow opening the large filenames for
> delete and such. But, as a quick fix, I wanted to close all possible paths
> to the long names.
>
Sorry, I still do not understand what you are fixing :)
Btw, I do not see how does fs/readdir.c:fillonedir (I am looking at
2.4.0-test10) check that buffer provided by user is long enough to keep the
name in. (that is old_readdir looks broken for me - am I missing something?)
Whereas filldir seems to check whether there is enough space left in the
buffer.
Thanks,
vs
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
next prev parent reply other threads:[~2001-01-10 16:32 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20010110023208.B296@cerebro.laendle>
2001-01-10 2:23 ` [reiserfs-list] major security bug in reiserfs (may affect SuSE Linux) Chris Mason
2001-01-10 4:43 ` David Ford
2001-01-10 5:47 ` Alexander Viro
2001-01-10 15:48 ` Chris Mason
2001-01-10 17:38 ` Alexander Viro
2001-01-10 18:48 ` Chris Mason
2001-01-11 0:47 ` Alexander Viro
2001-01-10 16:41 ` Andrea Arcangeli
2001-01-10 16:02 ` Vladimir V. Saveliev
2001-01-10 16:09 ` Chris Mason
2001-01-10 16:29 ` Vladimir V. Saveliev [this message]
2001-01-10 17:03 ` Stefan Traby
2001-01-10 17:11 ` Stefan Traby
2001-01-10 2:40 ` Chris Mason
2001-01-11 11:05 ` Hans Reiser
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3A5C8DE7.C9237D88@namesys.botik.ru \
--to=vs@namesys.botik.ru \
--cc=linux-kernel@vger.kernel.org \
--cc=mason@suse.com \
--cc=pcg@goof.com \
--cc=reiserfs-list@namesys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox