oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE request - kernel: xfs: stale data exposure

From: Eugene Teo <eugene () redhat com>
Date: Wed, 18 Aug 2010 13:59:24 +0800
An issue was found in the XFS filehandle conversion where inodes that are deleted may return as valid files as XFS does not verify the inode numbers in the file handles, i.e. allowing access to deleted data.
The test program that demonstrates the issue via the open_by_handle interface can be found here: http://oss.sgi.com/archives/xfs/2010-06/msg00191.html. 

[PATCH 1/4] xfs: always use iget in bulkstat
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33770

[PATCH 2/4] xfs: validate untrusted inode numbers during lookup
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33771
This following patch is needed too to address a regression introduced by the patches above: http://oss.sgi.com/archives/xfs/2010-08/msg00179.html. 

Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=624923

Thanks, Eugene
--
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
Previous By Date Next
Previous By Thread Next

Current thread: