Re: [reiserfs-list] major security bug in reiserfs (may affect SuSE Linux)

Gnea (gnea@rochester.rr.com)
Wed, 10 Jan 2001 08:08:44 -0500


On Wed, Jan 10, 2001 at 03:56:32AM +0300, Vladimir V. Saveliev wrote:
> Hi
>
> Marc Lehmann wrote:
>
> > We are still investigating, but there seems to be a major security problem
>
> Hmm,
> mkdir "$(perl -e 'print "x" x 768')"
> ls
> echo *
>
> works here as it should. (2.2.18 and reiserfs-3.5.29)

cat /proc/version
Linux version 2.4.0-test11 (root@celery) (gcc version 2.95.2 20000220
(Debian GNU/Linux)) #1 SMP Fri Dec 15 01:45:43 EST 2000

snipping from dmesg:
reiserfs: checking transaction log (device 21:08) ...
Using tea hash to sort names
ReiserFS version 3.6.22

while mkdir "$(perl -e 'print "x" x 768')" works just fine, doing a
mkdir "$(perl -e 'print "x" x 4000')" will create the dir, but will NOT
segfault any program, NOR cause a kernel oops.. howeever, it will NOT
show up with ls. rm -rf "$(perl -e 'print "x" x 4000')" _will_ work...
i have yet to experience any crashes, segfaults or oopses since.

-- 
    .oO Gnea [gnea at rochester dot rr dot com] Oo.
         .oO url: http://garson.org/~gnea Oo.

"You can tune a filesystem, but you can't tuna fish." -unknown - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/