From owner-freebsd-hackers  Fri Feb 21 15:27:46 2003
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 61CC137B401; Fri, 21 Feb 2003 15:27:45 -0800 (PST)
Received: from bluejay.mail.pas.earthlink.net (bluejay.mail.pas.earthlink.net [207.217.120.218])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 73E8443FBD; Fri, 21 Feb 2003 15:27:44 -0800 (PST)
	(envelope-from tlambert2@mindspring.com)
Received: from pool0179.cvx21-bradley.dialup.earthlink.net ([209.179.192.179] helo=mindspring.com)
	by bluejay.mail.pas.earthlink.net with asmtp (SSLv3:RC4-MD5:128)
	(Exim 3.33 #1)
	id 18mMZq-0000Xd-00; Fri, 21 Feb 2003 15:27:35 -0800
Message-ID: <3E56B589.2E15F3C3@mindspring.com>
Date: Fri, 21 Feb 2003 15:26:01 -0800
From: Terry Lambert <tlambert2@mindspring.com>
X-Mailer: Mozilla 4.79 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Yevgeniy Aleynikov <eugenea@infospace.com>
Cc: Kirk McKusick <mckusick@beastie.mckusick.com>,
	Matt Dillon <dillon@earth.backplane.com>,
	Ian Dowse <iedowse@maths.tcd.ie>, peter@FreeBSD.ORG,
	ache@FreeBSD.ORG, Ken Pizzini <kenp@infospace.com>,
	hackers@FreeBSD.ORG, security-officer@FreeBSD.ORG,
	nectar@FreeBSD.ORG, jedgar@FreeBSD.ORG, rwatson@FreeBSD.ORG,
	imp@FreeBSD.ORG, security-team@FreeBSD.ORG, wes@FreeBSD.ORG,
	guido@FreeBSD.ORG
Subject: Re: bleh. Re: ufs_rename panic
References: <200302200101.h1K11ZFL056229@beastie.mckusick.com> <3E56A683.5070504@infospace.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-ELNK-Trace: b1a02af9316fbb217a47c185c03b154d40683398e744b8a46541ca638c83f647b7ffba3ec76f83c2350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

Yevgeniy Aleynikov wrote:
> As pointed by Ken - we do have alot of file renames (qmail).
> But 2-nd solution, directory-only rename serialization, probably won't
> affect performance as much.
> 
> But i believe it's not only us who's gonna have problem when exploit
> code will be known by everybody sooner or later....

Dan's non-atomicity assumption on renames is incorrect.

Even if it's were correct, it's possible to recover fully following
a failure, because metadata updates are ordered (there is a real
synchronization between dependent operations).

I think that a workaround would be to comment the directory fsync()
code out of qmail, which apparently thinks it's running on extfs
or an async mounted FFS.

-- Terry

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message