Date: Fri, 23 Jun 2000 04:12:29 +0200 (CEST) From: Marius Bendiksen <mbendiks@eunet.no> To: Bruce Evans <bde@zeta.org.au> Cc: security@FreeBSD.ORG Subject: Re: msdosfs_vnops.c : msdosfs_rename() Message-ID: <Pine.BSF.4.05.10006230410590.82462-100000@login-1.eunet.no> In-Reply-To: <Pine.BSF.4.21.0006130546390.868-100000@besplex.bde.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> It is supposed to be locked by setting IN_RENAME in ip->i_flag. Note that > IN_RENAME is only set in the doingdirectory case. According to the comments, nothing is locked at all. > I don't completely trust relookup(), however. In theory, the filesystem > tree may be almost arbitrarily rearranged while relookup() sleeps, since > relookup() doesn't hold many locks (in particular, it doesn't hold locks > on the directories being changed or their parents or grandparents until > it searches back down to them). I once made this happen in practice by > forcing some long sleeps and doing the rearrangement in another process. > There seemed to be problems, but I wasn't sure and have forgotten the > details. This is what I am talking about. It is, from what I see, possible to cause a problem by rearranging the directory (specifically, removing the source name) during a relookup. This would then cause a panic. Marius To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.10006230410590.82462-100000>