From: Eric Sandeen <sandeen@sandeen.net>
To: Adrian Bunk <bunk@stusta.de>
Cc: ext2-devel@lists.sourceforge.net, Neil Brown <neilb@suse.de>,
linux-kernel@vger.kernel.org
Subject: Re: CVE-2006-3468: which patch to use?
Date: Sun, 20 Aug 2006 17:31:27 -0500 [thread overview]
Message-ID: <44E8E2BF.7020000@sandeen.net> (raw)
In-Reply-To: <20060820192750.GR7813@stusta.de>
Adrian Bunk wrote:
> While going through patches for 2.6.16.x, I stumbled over the following
> regarding the "NFS export of ext2/ext3" security vulnerabilities (the
> ext3 one is CVE-2006-3468, I don't whether there's a number for the
> ext2 one):
>
> There are three patches available:
> have-ext2-reject-file-handles-with-bad-inode-numbers-early.patch
> have-ext3-reject-file-handles-with-bad-inode-numbers-early.patch
> ext3-avoid-triggering-ext3_error-on-bad-nfs-file-handle.patch
>
> The first two patches are except for a s/ext2/ext3/ identical.
>
> The two ext3 patches fix the same issue in slightly different ways.
>
> It seems there was already some agreement that the first of the two ext3
> patches should be preferred due to being more the same as the ext2 patch
> (see [1] and followups).
>
> But the only patch that is applied in 2.6.18-rc4 (and in 2.6.17.9) is
> the ext3 patch that is _not_ identical to the ext2 one.
>
> Is it the correct solution to revert this ext3 patch in both 2.6.18-rc
> and 2.6.17 and to apply the other two patches?
>
> cu
> Adrian
>
> BTW: I've attached all three patches.
>
> [1] http://lkml.org/lkml/2006/8/4/192
IMO the first two should be used; i.e. those that add ext[23]_get_dentry().
-Eric
next prev parent reply other threads:[~2006-08-20 22:31 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-08-20 19:27 CVE-2006-3468: which patch to use? Adrian Bunk
2006-08-20 22:31 ` Eric Sandeen [this message]
2006-08-20 22:58 ` Neil Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44E8E2BF.7020000@sandeen.net \
--to=sandeen@sandeen.net \
--cc=bunk@stusta.de \
--cc=ext2-devel@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
--cc=neilb@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox