[Top] [All Lists]

Re: XFS information leak during crash

To: Jan Kasprzak <kas@xxxxxxxxxx>
Subject: Re: XFS information leak during crash
From: Nathan Scott <nathans@xxxxxxx>
Date: Thu, 3 Nov 2005 10:11:07 +1100
Cc: linux-kernel@xxxxxxxxxxxxxxx, linux-xfs@xxxxxxxxxxx
In-reply-to: <20051102212722.GC6759@fi.muni.cz>; from kas@fi.muni.cz on Wed, Nov 02, 2005 at 10:27:22PM +0100
References: <20051102212722.GC6759@fi.muni.cz>
Sender: linux-xfs-bounce@xxxxxxxxxxx
User-agent: Mutt/1.2.5i
Hello Jan,

On Wed, Nov 02, 2005 at 10:27:22PM +0100, Jan Kasprzak wrote:
>       Hello, world!\n
> I have found that after the system crash (e.h. a hard reset or a power
> failure) XFS corrupts files which have been written to just before the crash:
> The result is that those files contain data from random blocks on the
> disk (e.g. from previously deleted files). This can have security/privacy
> implications - users can see the contents of other users' old files.

If you think you have found a security issue, it would be courteous
to at least discuss this with the maintainers first.  And since you
are a frequent linux-xfs list poster too, it seems a bit odd that
you're reporting this on linux-kernel instead... *shrug*, whatever.

This issue affects every filesystem, right?  Or are you claiming its
only XFS affected here?  Have you run your parallel-buffered-writers
test case on any other filesystems?  I'd be interested in the results,
in particular, with all of the data=xxx modes of other filesystems.

> either). Does XFS support a something like ext3's "data=ordered" mount
> option? 

No, it doesn't.

> Otherwise it is pretty unusable on multi-user systems.

That's a ridiculous assertion.  While this small metadata vs. buffered-
data-write window exists on _any_ filesystem not using a data=ordered/
data=journaled mode (which I believe is quite a common mode of operation
even on filesystems that offer those modes), it is impossible to exploit
this in any sane way.  You'd think people on a multi-user system might
actually notice the machine being frequently rebooted while you try to
tickle this window to get at "interesting" uninitialised freespace, no?

Having said that, a data=ordered mode for XFS would be a nice feature.
It just hasn't reached the top of our priority list, and its not been
offered up as a patch by anyone yet.  If anyone's interested in writing
this, they should coordinate with hch and myself - there's a fair bit
of I/O path work being done at the moment, which in the end will make
a data=ordered mode alot easier to implement.



<Prev in Thread] Current Thread [Next in Thread>