Date: Wed, 15 May 2002 10:35:01 -0400 From: Nathan Hawkins <utsl@quic.net> To: dak <aurelien.nephtali@wanadoo.fr> Cc: freebsd-fs@freebsd.org Subject: Re: [FS BUG] How to easily corrupt an UFS file system with user access and big fake files. Message-ID: <3CE27215.2090702@quic.net> References: <20020515073410.GA634@nitrogen>
next in thread | previous in thread | raw e-mail | index | archive | help
This normal. It is not a bug. It's called a sparse file, which means that you left most of the file empty, so it didn't allocate space for the empty part. The empty part isn't really there until you write to it, you see. dak wrote: >Hi everybody, > >I recently discovered a bug (probably in the FS functions) which allows a simple user to corrupt >a file system by making ultra large fake files (many GB). > >The *attack/bug* is simple, just to create a file (with cache effect disabled or not), to write 1024*1440B, >lseek() to a very very fat offset, totally out of the file and then to write somes bytes: the result >is astonishing: > >nitrogen% ls -l tmp >-rwx------ 1 dak wheel 1425637888 May 15 07:46 tmp > >You can say it's not a problem, but the file is 1.5GB and I *only* lost 1MB on my disk... >When editing the file, no problem occurs and I can show datas at the very end of file. >Of course, when doing a fsck, it tells me the disk contains many errors. > >I'm not a kernel developper and I'm not familiar with its functions :< so I cannot tell where >the problem occurs (but if you can tell me where and why it occurs, it would be nice :)) > >(I've attached a sample code, even if it's easy to reproduce) > >-- dak > >PS: I've not send a PR yet but if you think it's needed, I'll do it. >PS2: Sorry if my english isn't very good :) > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-fs" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-fs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3CE27215.2090702>