Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 02 Apr 2016 15:14:57 +0200
From: Yves-Alexis Perez <corsac@...ian.org>
To: oss-security@...ts.openwall.com, Johannes Segitz <jsegitz@...e.com>, 
	Theodore Ts'o
	 <tytso@....edu>, Ben Hutchings <ben@...adent.org.uk>
Subject: Re: ext4 data corruption due to punch hole races

On jeu., 2016-03-31 at 17:11 +0200, Johannes Segitz wrote:
> Hello,
> 
> Jan Kara fixed some issues in the Linux kernel with security implications.
> 
> https://bugzilla.suse.com/show_bug.cgi?id=972174
> 
> "When punching holes into a file races with the page fault of the same
> area, it is possible that freed blocks remain referenced from page cache
> pages mapped to process' address space. Thus modification of these blocks
> can corrupt data someone else is now storing in those blocks (which
> obviously has security implications if you can trick filesystem into
> storing some important file in those blocks).
> 
> This affects all the kernels where we support ext4 for writing. Relevant
> fixes upstream are commits ea3d7209ca01da209cda6f0dea8be9cc4b7a933b,
> 17048e8a083fec7ad841d88ef0812707fbc7e39f,
> 32ebffd3bbb4162da5ff88f9a35dd32d0a28ea70,
> 011278485ecc3cd2a3954b5d4c73101d919bf1fa."
> 

Hey,

any reason why those commits weren't CC: stable? If this really affects all
kernels where ext4 writing is possible, that means basically all current
stable kernels more or less, I guess?

Regards,
-- 
Yves-Alexis


Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ