On Thu, Jun 17, 2010 at 10:07:25AM +0200, Michael Monnerie wrote: > On Donnerstag, 17. Juni 2010 Dave Chinner wrote: > > Hence if we get a cold cache lookup from a stale handle that > > references such an inode, we can read the inode off disk even though > > it has been deleted because we don't check if the inode is allocated > > or not. If the inode chunk has not been overwritten, then the inode > > read will succeed and the handle-to-dentry conversion will not error > > out like it is supposed to. The result is that stale NFS filehandles > > and open_by_handle() will succeed incorrectly on unlinked files for > > cold cache lookups. > > Wouldn't that qualify as a security problem and be handled as such? > There should be back ports for "long term support" kernels of security- > sensitive people, and so on. Probably. Alex, are you able to handle this side of things? Note that local open_by_handle() use is not really an issue - it requires root and if you have root you can run xfs_db or dd on the block device to get the same information. Cheers, Dave. -- Dave Chinner david@xxxxxxxxxxxxx _______________________________________________ xfs mailing list xfs@xxxxxxxxxxx http://oss.sgi.com/mailman/listinfo/xfs
