Date: Sun, 26 Nov 2006 14:49:33 +0000 (GMT)
From: Robert Watson
To: Kevin Oberman
Cc: David Malone, FreeBSD Stable, "O. Hartmann"
Subject: Re: UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824, MOKB-03-11-2006, CVE-2006-5679
Message-ID: <20061126144424.B66361@fledge.watson.org>
In-Reply-To: <20061125013802.20B6E45054@ptavv.es.net>
References: <20061125013802.20B6E45054@ptavv.es.net>

On Fri, 24 Nov 2006, Kevin Oberman wrote:

>>> I don't know of a concerted effort by anyone to improve UFS in this way. I
>>> would guess that the odd bug would have been resolved, but no large scale
>>> work.
>>
>> Another thing to keep in mind is that filesystem mounting is only available
>> to the super-user. If a feature came along such as automatically mounting
>> USB drives, these bugs would indeed be critical. But for now, they are not.
>
> Not on the base system, but Gnome 2.16 with hald running will mount a
> removable device automatically. The standard configuration of Gnome runs
> hald. Allowing user mounts of removable media is even formalized by the
> addition of /media to hier(7). I'm not sure this should simply be treated as
> not being significant.

At least for now, "untrusted" UFS file systems should not be mounted without first performing a file system check on them. I'd like to see resilience improved so that we're not dealing with panic scenarios on a heavily corrupted UFS, but it's fairly well documented that we consider file systems to be in one of three states: clean, in which case they are by definition not corrupt, requiring a bgfsck (i.e., garbage collection following a fail stop with soft updates enabled), or dirty (requiring a full fsck before mount).

I think a better target for resilience improvements is actually msdosfs, since users are far more likely to want to deal with potentially corrupted FAT file systems from USB devices than UFS file systems from arbitrary sources. And, unlike UFS, it's fairly likely someone with only moderate VFS/VM background could do the basics of this work, with an immediate practical benefit.

Robert N M Watson
Computer Laboratory
University of Cambridge