On Sun, Oct 12, 2014 at 09:04:19PM +0200, Richard Weinberger wrote:
> You misunderstood Sami's issue. He corrupted the vfat fs intentionally
> to find issues in the vfat driver.
> And as he reports he found a nasty issue.
> Any user can trigger a BUG_ON() using a crafted vfat image.
> Please note, if you mount exactly the same image using msdos fs the issue
> does not occur.

Yeah, you can think of it as either a security issue if you wish, or just as a plain old robustness issue in the age of unreliable USB sticks etc., in that it just would be more ideal to fail gracefully instead of crashing.

Anyway, I'm not advocating for any measure of severity (I leave that to others); I just find and report these in the hope that someone finds the reports useful. I personally view these more as robustness than security bugs at the moment, but certainly they can be seen as either. And if some of these get fixed, I will rerun the tests, so I might produce a daunting stream of reports. I know it would be nicer to report everything at once, but usually the issues found first are prevalent enough to mask other issues.

By the way, I find it interesting that once I implemented a tool to minimize the differences between a bad fs and a good fs, every bug I have found in any filesystem implementation has minimized to a single bit flip. That suggests to me that fuzz testing is probably not very effective in finding bugs that require more than that.

Sami
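The kind of minimizer Sami mentions (shrinking the difference between a crashing image and a known-good one until only the bits that matter remain), as an added example that is not his tool, the vfat driver or any kernel code. It runs Zeller's ddmin over the set of bit positions at which the two images differ, using an oracle that says whether an image still crashes. The "driver" (`toy_mount`), the `KernelBug` exception, the crash condition (an unchecked zero sectors-per-cluster) and both images are constructed for the demo; only the BPB field offsets are the real FAT ones. The crash condition is not the bug reported in this thread.

```python
"""Delta-minimize a crashing filesystem image against a known-good one.
Added example: the driver stand-in, the crash condition and the images
are constructed; only the FAT BPB field offsets are real."""
import struct


class KernelBug(Exception):
    """Stands in for a kernel BUG_ON() hit while mounting (constructed)."""


def toy_mount(image: bytes) -> bool:
    """Constructed stand-in for a driver's mount path.

    Returns True on a successful mount, False on a graceful rejection and
    raises KernelBug where a real driver would crash.  Offsets 11, 13 and
    14 are BPB_BytsPerSec, BPB_SecPerClus and BPB_RsvdSecCnt of a FAT boot
    sector; the checks themselves are invented for the demo.
    """
    bytes_per_sector, = struct.unpack_from("<H", image, 11)
    sectors_per_cluster = image[13]
    reserved_sectors, = struct.unpack_from("<H", image, 14)
    if bytes_per_sector not in (512, 1024, 2048, 4096):
        return False            # graceful: odd sector size is refused
    if reserved_sectors == 0:
        return False            # graceful: missing boot area is refused
    if sectors_per_cluster == 0:
        # A driver that divides by this field before validating it would
        # hit a BUG_ON() or divide-by-zero here (constructed condition).
        raise KernelBug("BUG_ON(sectors_per_cluster == 0)")
    return True


def triggers_bug(image: bytes) -> bool:
    """Oracle for the minimizer: does this image crash the toy driver?"""
    try:
        toy_mount(image)
    except KernelBug:
        return True
    return False


def diff_bits(good: bytes, bad: bytes):
    """Every (byte offset, bit mask) at which the two images differ."""
    if len(good) != len(bad):
        raise ValueError("images must have the same length")
    flips = []
    for off, (g, b) in enumerate(zip(good, bad)):
        xor = g ^ b
        for bit in range(8):
            if xor & (1 << bit):
                flips.append((off, 1 << bit))
    return flips


def apply_flips(good: bytes, flips) -> bytes:
    """Copy of `good` with the given bit flips applied."""
    buf = bytearray(good)
    for off, mask in flips:
        buf[off] ^= mask
    return bytes(buf)


def minimize_flips(good: bytes, bad: bytes, is_bad):
    """ddmin over the differing bits: a 1-minimal set of flips that, applied
    to `good`, still satisfies `is_bad`.  Dropping any one flip from the
    result makes the failure go away."""
    flips = diff_bits(good, bad)
    if not is_bad(apply_flips(good, flips)):
        raise ValueError("the bad image does not trigger the oracle")
    n = 2
    while len(flips) >= 2:
        size = len(flips)
        parts = [flips[i * size // n:(i + 1) * size // n] for i in range(n)]
        parts = [p for p in parts if p]
        reduced = False
        for part in parts:                       # try each chunk on its own
            if is_bad(apply_flips(good, part)):
                flips, n, reduced = part, 2, True
                break
        if not reduced:
            for part in parts:                   # try each complement
                rest = [f for f in flips if f not in part]
                if rest and is_bad(apply_flips(good, rest)):
                    flips, n, reduced = rest, max(n - 1, 2), True
                    break
        if not reduced:
            if n >= len(flips):
                break                            # granularity exhausted
            n = min(2 * n, len(flips))
    return flips


def make_good_image() -> bytes:
    """Constructed 64-byte boot-sector prefix with sane FAT BPB values."""
    img = bytearray(64)
    img[0:3] = b"\xEB\x3C\x90"               # jump instruction
    img[3:11] = b"mkfs.fat"                  # OEM name
    struct.pack_into("<H", img, 11, 512)     # bytes per sector
    img[13] = 8                              # sectors per cluster
    struct.pack_into("<H", img, 14, 1)       # reserved sectors
    img[16] = 2                              # number of FATs
    struct.pack_into("<H", img, 19, 2880)    # total sectors (16-bit)
    return bytes(img)


GOOD_IMAGE = make_good_image()
# Constructed "crafted" image: five scattered flips, of which only bit 3 of
# byte 13 (sectors-per-cluster 8 -> 0) is needed to reach the crash.
BAD_IMAGE = apply_flips(GOOD_IMAGE, [(3, 0x01), (5, 0x40), (13, 0x08),
                                     (14, 0x02), (20, 0x80)])

if __name__ == "__main__":
    minimal = minimize_flips(GOOD_IMAGE, BAD_IMAGE, triggers_bug)
    print(f"{len(diff_bits(GOOD_IMAGE, BAD_IMAGE))} differing bits, "
          f"{len(minimal)} needed: {minimal}")
```

Against a real driver the oracle would be a mount attempt in a throwaway VM or a user-mode kernel (the crash itself is the signal, so each probe needs a fresh instance), and the cost is dominated by those probes rather than by the search; ddmin keeps the number of probes roughly logarithmic in the number of differing bits when a single flip is responsible, which is exactly the case the message reports.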