The Unix Heritage Society mailing list
 help / color / mirror / Atom feed
From: tim.newsham@gmail.com (Tim Newsham)
Subject: [TUHS] Bugs in V6 'dcheck'
Date: Sat, 31 May 2014 08:58:39 -1000	[thread overview]
Message-ID: <CAGSRWbgL9cHNiva5MzS5Sz6k_=n4A7_EkzVU3GwNeOrPhqAbkA@mail.gmail.com> (raw)
In-Reply-To: <20140531131504.AC41E18C0C8@mercury.lcs.mit.edu>

There are bugs to be found, and it can be a fun hunt
(though not too much of a challenge).  Here are some
more (security related, as thats my inclination):

  http://marc.info/?l=bugtraq&m=108627540130457&w=2
  http://minnie.tuhs.org/pipermail/unix-jun72/2008-May/000126.html
  http://minnie.tuhs.org/pipermail/unix-jun72/2008-May/000250.html

Tim


On Sat, May 31, 2014 at 3:15 AM, Noel Chiappa <jnc at mercury.lcs.mit.edu> wrote:
> So it turns out the 'dcheck' distributed with V6 has two (well, three, but
> the third one was only a potential problem for me) bugs it.
>
>
> The first was a fence-post error on a table clearing operation; it could
> cause the entry for the last inode of the disk in the constructed table of
> directory entry counts to start with a non-zero count when a second disk was
> scanned. However, it was only triggered in very specific circumstances:
>
> - A larger disk was listed before a smaller one (either in the command line,
>     or compiled in)
> - The inode on the larger disk corresponding to the last inode on the smaller
>     one was in use
>
> I can understand how they never ran across this one.
>
>
> The other one, however, which was an un-initalized variable, should have
> bitten them anytime they had more than one disk listed! It caused the
> constructed table of directory entry counts to be partially or wholly
> (depending on the size of the two disks) blank in all disks after the first
> one, causing numerous (bogus) error reports.
>
> (It was also amusing to find an un-used procedure in the source; it looks
> like dcheck was written starting with the code for 'icheck' - which explains
> the second bug; since the logic in icheck is subtly different, that variable
> _is_ set properly in icheck.)
>
> How this bug never bit them I cannot understand - unless they saw it, and
> couldn't be bothered to find and fix it!
>
> To me, it's completely amazing to find such a serious bug in such a critical
> piece of widely-distributd code! A lesson for archaeologists...
>
>
> Anyway, a fixed version is here:
>
>   http://ana-3.lcs.mit.edu/~jnc/tech/unix/ucmd/dcheck.c
>
> if anyone cares/needs it.
>
>         Noel
> _______________________________________________
> TUHS mailing list
> TUHS at minnie.tuhs.org
> https://minnie.tuhs.org/mailman/listinfo/tuhs



-- 
Tim Newsham | www.thenewsh.com/~newsham | @newshtwit | thenewsh.blogspot.com



  parent reply	other threads:[~2014-05-31 18:58 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-05-31 13:15 Noel Chiappa
2014-05-31 13:23 ` Ronald Natalie
2014-05-31 18:58 ` Tim Newsham [this message]
2014-05-31 19:48 ` Clem Cole
2014-05-31 13:30 Norman Wilson
2014-05-31 16:03 ` John Cowan
     [not found]   ` <20140531161620.GL28034@mcvoy.com>
2014-05-31 17:16     ` John Cowan
2014-05-31 14:19 Noel Chiappa
2014-05-31 15:55 Noel Chiappa
2014-05-31 16:18 ` Ron Natalie
2014-05-31 23:24 Doug McIlroy
2014-06-01  0:17 ` Kevin Schoedel
2014-06-01 22:54   ` scj
2014-06-01 23:48 ` A. P. Garcia
2014-06-02  1:11   ` Ronald Natalie
2014-06-02  2:10     ` A. P. Garcia
2014-06-03 16:38 ` Nelson H. F. Beebe
2014-06-02  2:14 Michael Spacefalcon
2014-06-02  2:51 ` John Cowan
2014-06-02  3:18 Noel Chiappa
2014-06-02  3:34 Noel Chiappa
2014-06-02  4:05 ` Mary Ann Horton
2014-06-02  6:12 ` arnold
2014-06-03 12:11 ` emanuel stiebler
2014-06-03 17:33 Nelson H. F. Beebe

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAGSRWbgL9cHNiva5MzS5Sz6k_=n4A7_EkzVU3GwNeOrPhqAbkA@mail.gmail.com' \
    --to=tim.newsham@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).