From owner-freebsd-hackers  Tue Nov 26 02:52:28 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id CAA20079
          for hackers-outgoing; Tue, 26 Nov 1996 02:52:28 -0800 (PST)
Received: from eac.iafrica.com (196-7-192-147.iafrica.com [196.7.192.147])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id CAA20067
          for <hackers@freebsd.org>; Tue, 26 Nov 1996 02:52:15 -0800 (PST)
Received: (from rnordier@localhost) by eac.iafrica.com (8.7.6/8.6.12) id MAA02308; Tue, 26 Nov 1996 12:49:03 +0200 (SAT)
From: Robert Nordier <rnordier@iafrica.com>
Message-Id: <199611261049.MAA02308@eac.iafrica.com>
Subject: Re: A simple way to crash your system.
In-Reply-To: <11813.848999125@time.cdrom.com> from "Jordan K. Hubbard" at "Nov 26, 96 01:05:25 am"
To: jkh@time.cdrom.com (Jordan K. Hubbard)
Date: Tue, 26 Nov 1996 12:49:02 +0200 (SAT)
Cc: grog@lemis.de, hackers@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL28 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Jordan K. Hubbard wrote:

> > - remove it and announce the fact on -announce.
> 
> That won't last more than a week - people don't search the archives
> and memories are short.
> 
> > - make it read-only (will this help?)
> 
> It already is read-only by default if you mount it from the label
> editor.  People change it back the minute they want to write on
> it. :-)
> 
> I'm not sure what to do.  Putting it into the release notes under a
> "STILL BROKEN" section seems also excessive.. :)

FWIW, the table below represents a couple of months of collecting
data from users on -questions, who reported that the msdosfs had
seriously corrupted a UFS partition.

       DRIVE              DOS START        DOS END
       cyl  head sect ||  cyl  head sect   cyl  head sect      size
-------------------------------------------------------------------
wd0 |  525 | 64 |  63 ||    0 |  1 |  1 |  126 | 63 |  63 |  512001
wd0 | 2099 | 64 |  63 ||    0 |  1 |  1 |  189 | 63 |  63 |  766017
      same drive      ||  250 |  0 |  1 |  523 | 63 |  63 | 1104768
wd0 |  788 | 64 |  63 ||    0 |  1 |  1 |  787 | 63 |  63 | 3177153
wd0 |  621 | 64 |  63 ||    0 |  1 |  1 |  619 | 63 |  63 | 2499777
wd0 |  525 | 64 |  63 ||    0 |  1 |  1 |  523 | 63 |  63 | 2112705

*All* problems occurred with the DOS FS on a 64/63 IDE drive.  FIPS
was not necessarily used.  In one case, the corrupted UFS fs was
actually on another drive.

Unless someone is aware of the problem being more general, it may
be worth patching the msdosfs code to (by default) refuse to access
DOS FSes with > 16 sectors per cluster on such drives.

Or at least warn that 64/63 IDE setups are particularly vulnerable.

--
Robert Nordier