[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request - kernel: xfs: stale data exposure
From:       Josh Bressers <bressers () redhat ! com>
Date:       2010-08-19 19:34:24
Message-ID: 460603542.1004501282246464479.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]

Please use CVE-2010-2943

Thanks.

-- 
    JB


----- "Eugene Teo" <eugene@redhat.com> wrote:

> An issue was found in the XFS filehandle conversion where inodes that
> 
> are deleted may return as valid files as XFS does not verify the inode
> 
> numbers in the file handles, i.e. allowing access to deleted data.
> 
> The test program that demonstrates the issue via the open_by_handle 
> interface can be found here: 
> http://oss.sgi.com/archives/xfs/2010-06/msg00191.html.
> 
> [PATCH 1/4] xfs: always use iget in bulkstat
> http://article.gmane.org/gmane.comp.file-systems.xfs.general/33770
> 
> [PATCH 2/4] xfs: validate untrusted inode numbers during lookup
> http://article.gmane.org/gmane.comp.file-systems.xfs.general/33771
> 
> This following patch is needed too to address a regression introduced
> by 
> the patches above:
> http://oss.sgi.com/archives/xfs/2010-08/msg00179.html.
> 
> Reference:
> https://bugzilla.redhat.com/show_bug.cgi?id=624923
> 
> Thanks, Eugene
> -- 
> main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i);
> }
[prev in list] [next in list] [prev in thread] [next in thread]