[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] Small exposure in ocfs2 fast symlinks.
From: Joel Becker <Joel.Becker () oracle ! com>
Date: 2010-09-30 5:49:50
Message-ID: 20100930054949.GA9118 () mail ! oracle ! com
[Download RAW message or body]
On Wed, Sep 29, 2010 at 08:30:09PM -0700, Greg KH wrote:
> On Wed, Sep 29, 2010 at 07:04:07PM -0700, Joel Becker wrote:
> > Hey Everyone,
> > We just discovered that ocfs2 could walk off the end of fast
> > symlinks -- that is, symlinks that are stored directly in the inode
> > block. ocfs2 terminates these with NUL characters, but a disk
> > corruption or an attacker with direct access to the ocfs2 disk could
> > overwrite the NUL. Following the symlink via the filesystem would walk
> > off the end of the in-memory block buffer. We're not sure how
> > exploitable this is, but I figured I'd provide a heads-up. The fix is
> > in ocfs2's git tree and will be sent upstream tonight. Erratas with the
> > fix are being built.
>
> Care to send the git commit id to the stable@kernel.org tree when it
> hits Linus's tree so it gets backported there?
I Cc'd stable@kernel.org in the commit, don't worry ;-)
Joel
--
Life's Little Instruction Book #267
"Lie on your back and look at the stars."
Joel Becker
Consulting Software Developer
Oracle
E-mail: joel.becker@oracle.com
Phone: (650) 506-8127
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic