From mboxrd@z Thu Jan 1 00:00:00 1970 To: 9fans@cse.psu.edu Subject: Re: [9fans] mv vs cp In-Reply-To: Message from Lucio De Re of "Mon, 08 Oct 2001 09:00:54 +0200." <20011008090053.Z28720@cackle.proxima.alt.za> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Message-ID: <12744.1002525193@apnic.net> From: George Michaelson Date: Mon, 8 Oct 2001 17:13:13 +1000 Topicbox-Message-UUID: 01064ef0-eaca-11e9-9e20-41e7f4b1d025 > On Mon, Oct 08, 2001 at 04:49:43PM +1000, George Michaelson wrote: > > > > > Any time when attacker feels like that. System where nonprivileged use rs > > > can cause filesystem corruption is broken. Period. > > > > > > > Umm yes, but Alexander, when was the last time you *saw* one of these? > > > It only needs to happen once. Code Red/NIMDA anyone? > > ++L > Are you saying that this problem demonstrably exploited the race condition between cp/mv and rename as implemented in FreeBSD? I really do mean the question as put: when was the last time anybody saw a successful exploit of this race condition or an unstable filesystem they can show came from it, exploit or accident? I have seen many problems with UFS/FFS, and Softupdates gave me the willeys but I have also not yet seen serious corruption of the on-disk state which lies directly with problems in the FS code itself. Side-effects of kernel crashes during meta-state updates, sure. But this sounds to me like FUD which in practice doesn't exist. You could probably argue half a million potential race conditions exist in lots of systems. The frequency they occur is different. -George -- George Michaelson | APNIC Email: ggm@apnic.net | PO Box 2131 Milton QLD 4064 Phone: +61 7 3367 0490 | Australia Fax: +61 7 3367 0482 | http://www.apnic.net