On Oct 26, 2004, "Robert P. J. Day" <rpjday@xxxxxxxxxxxxxx> wrote: > On Tue, 26 Oct 2004, Alexandre Oliva wrote: >> All it takes is a bit of incorrect memory management in the kernel. >> As soon as you corrupt kernel data structures, all bets are off. Say, >> double-free of a pointer to an ntfs read-only buffer could corrupt >> whatever data structure that buffer was being reused for after the >> first free. > i've always wondered about this -- i still don't see how that could > corrupt the NTFS structure *on* *disk*. sure, it's entirely possible > that the cached NTFS info in RAM might get screwed, you might lose the > ability to *read* files from the hard drive. Not only that. It may screw any data structures whatsoever. It could, for example, mark as dirty another unrelated page that was not supposed to be dirty, and then, if that page happens to get a bit of the memory corruption too, it will eventually make it to disk (if the system doesn't crash first). > if i mount a filesystem read-only, i expect it never to be altered. > doesn't NTFS use the same VFS layer as everyone else? If nothing corrupts memory, yes. If there's a single module getting internal data structures messed up, all bets are off. -- Alexandre Oliva http://www.ic.unicamp.br/~oliva/ Red Hat Compiler Engineer aoliva@{redhat.com, gcc.gnu.org} Free Software Evangelist oliva@{lsd.ic.unicamp.br, gnu.org}