Date: Sat, 02 Apr 2016 15:14:57 +0200 From: Yves-Alexis Perez <corsac@...ian.org> To: oss-security@...ts.openwall.com, Johannes Segitz <jsegitz@...e.com>, Theodore Ts'o <tytso@....edu>, Ben Hutchings <ben@...adent.org.uk> Subject: Re: ext4 data corruption due to punch hole races On jeu., 2016-03-31 at 17:11 +0200, Johannes Segitz wrote: > Hello, > > Jan Kara fixed some issues in the Linux kernel with security implications. > > https://bugzilla.suse.com/show_bug.cgi?id=972174 > > "When punching holes into a file races with the page fault of the same > area, it is possible that freed blocks remain referenced from page cache > pages mapped to process' address space. Thus modification of these blocks > can corrupt data someone else is now storing in those blocks (which > obviously has security implications if you can trick filesystem into > storing some important file in those blocks). > > This affects all the kernels where we support ext4 for writing. Relevant > fixes upstream are commits ea3d7209ca01da209cda6f0dea8be9cc4b7a933b, > 17048e8a083fec7ad841d88ef0812707fbc7e39f, > 32ebffd3bbb4162da5ff88f9a35dd32d0a28ea70, > 011278485ecc3cd2a3954b5d4c73101d919bf1fa." > Hey, any reason why those commits weren't CC: stable? If this really affects all kernels where ext4 writing is possible, that means basically all current stable kernels more or less, I guess? Regards, -- Yves-Alexis Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ