Re: major security bug in reiserfs (may affect SuSE Linux)

[Christian Zuckschwerdt <Christian.Zuckschwerdt () TRIQ NET>]

Hi,

there are indeed funny things with long filenames:

Creating a file/dir with a very long name will hide all files in that
directory!

$ ls -al
drwxr-xr-x   2 xxx     users          35 Jan 10 20:05 ./
drwx------   9 xxx     users         727 Jan 10 20:05 ../

$ touch some
$ ls -al
drwxr-xr-x   2 xxx     users          35 Jan 10 20:07 ./
drwx------   9 xxx     users         727 Jan 10 20:05 ../
-rw-r--r--   1 xxx     users           0 Jan 10 20:07 some

$ mkdir "$(perl -e 'print "x" x 4032')"
$ ls -al
drwxr-xr-x   3 xxx     users        4083 Jan 10 20:08 .
drwx------   9 xxx     users         727 Jan 10 20:05 ..

$ rmdir "$(perl -e 'print "x" x 4032')"
$ ls -al
drwxr-xr-x   3 xxx     users        4083 Jan 10 20:09 .
drwx------   9 xxx     users         727 Jan 10 20:05 ..
-rw-r--r--   1 xxx     users           0 Jan 10 20:07 some

The size '4032' is the max. Using '4033' would error.
Very long names up to 4030 chars won't show up on ls output.
Names with 4031+ chars will hide other files.

touch'ing a file instead of creating a directory will also work.

I've read the directory with a bunch of other tools (perl, find) and
that makes me believe it's not and ls bug.

I'm sorry if this is known/fixed issue. I don't have a up-to-date reiserfs
around. This is reiserfs-3.5.18-3 on kernel 2.2.17 and
ls (GNU fileutils) 4.0

cu.
  :
  Christian