Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1412201145.2542960.174109065.62846747@webmail.messagingengine.com>
Date: Thu, 02 Oct 2014 00:05:45 +0200
From: Hannes Frederic Sowa <hannes@...essinduktion.org>
To: oss-security@...ts.openwall.com
Subject: xfs directory hash ordering bug

Hello!

Another kernel bug which did not get a CVE yet, but should be considered
to get one (sorry for the late notification):

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c88547a8119e3b581318ab65e9b72f27f23e641d

Basically it allows a local user to corrupt a xfs filesystem by just
creating directories. Depending on whether it is the root filesystem or
not the kernel panics or just oopses and forcefully disconnects the
filesystem.

The commit states that xfs_repair repairs the filesystem but IIRC
further access to that directory would still cause the kernel to either
oops or panic. So xfs_repair could not correctly fix the filesystem in
all situations. But I am not sure anymore and didn't follow up on this
(I had a relocation coming up).

My initial report here:
http://marc.info/?l=linux-xfs&m=139590613002926&w=2

Reproducer:
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=xfs/cmds/xfstests.git;a=commitdiff;h=947ee8bd4b59770534297572b14c695e9c6e001e

Thanks,
Hannes

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.