Date: Fri, 21 Feb 2003 15:35:06 -0800 From: Kirk McKusick <mckusick@beastie.mckusick.com> To: Terry Lambert <tlambert2@mindspring.com> Cc: Yevgeniy Aleynikov <eugenea@infospace.com>, Matt Dillon <dillon@earth.backplane.com>, Ian Dowse <iedowse@maths.tcd.ie>, peter@FreeBSD.ORG, ache@FreeBSD.ORG, Ken Pizzini <kenp@infospace.com>, hackers@FreeBSD.ORG, security-officer@FreeBSD.ORG, nectar@FreeBSD.ORG, jedgar@FreeBSD.ORG, rwatson@FreeBSD.ORG, imp@FreeBSD.ORG, security-team@FreeBSD.ORG, wes@FreeBSD.ORG, guido@FreeBSD.ORG Subject: Re: bleh. Re: ufs_rename panic Message-ID: <200302212335.h1LNZ6FL060404@beastie.mckusick.com> In-Reply-To: Your message of "Fri, 21 Feb 2003 15:26:01 PST." <3E56B589.2E15F3C3@mindspring.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Date: Fri, 21 Feb 2003 15:26:01 -0800 From: Terry Lambert <tlambert2@mindspring.com> To: Yevgeniy Aleynikov <eugenea@infospace.com> CC: Kirk McKusick <mckusick@beastie.mckusick.com>, Matt Dillon <dillon@earth.backplane.com>, Ian Dowse <iedowse@maths.tcd.ie>, peter@FreeBSD.ORG, ache@FreeBSD.ORG, Ken Pizzini <kenp@infospace.com>, hackers@FreeBSD.ORG, security-officer@FreeBSD.ORG, nectar@FreeBSD.ORG, jedgar@FreeBSD.ORG, rwatson@FreeBSD.ORG, imp@FreeBSD.ORG, security-team@FreeBSD.ORG, wes@FreeBSD.ORG, guido@FreeBSD.ORG Subject: Re: bleh. Re: ufs_rename panic Yevgeniy Aleynikov wrote: > As pointed by Ken - we do have alot of file renames (qmail). > But 2-nd solution, directory-only rename serialization, probably > won't affect performance as much. > > But i believe it's not only us who's gonna have problem when exploit > code will be known by everybody sooner or later.... Dan's non-atomicity assumption on renames is incorrect. Even if it's were correct, it's possible to recover fully following a failure, because metadata updates are ordered (there is a real synchronization between dependent operations). I think that a workaround would be to comment the directory fsync() code out of qmail, which apparently thinks it's running on extfs or an async mounted FFS. -- Terry You cannot get rid of the fsync calls in qmail. You have to distinguish between a filesystem that is recoverable and one which loses data. When receiving an incoming message, SMTP requires that the receiver have the message in stable store before acknowledging receipt. The only way to know that it is in stable store is to fsync it before responding. Kirk McKusick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200302212335.h1LNZ6FL060404>