[lustre-devel] [PATCH v2] staging: lustre: llite: fix potential missing-check bug when copying lumv

Dan Carpenter dan.carpenter at oracle.com
Tue May 1 01:46:21 PDT 2018


On Mon, Apr 30, 2018 at 05:56:10PM -0500, Wenwen Wang wrote:
> However, given that the user data resides in the user space, a malicious
> user-space process can race to change the data between the two copies. By
> doing so, the attacker can provide a data with an inconsistent version,
> e.g., v1 version + v3 data. This can lead to logical errors in the
> following execution in ll_dir_setstripe(), which performs different actions
> according to the version specified by the field lmm_magic.

This part is misleading.  The fix is to improve readability and make
static checkers happy.  You're over dramatizing it to make people think
it has a security impact when it doesn't.

If the user wants to specify v1 data they can just say that on the first
read.  They don't need to do funny tricks and race between the two
reads.  It's allowed.

In other words this allows the user to do something in a very
complicated way which they are already allowed to do in a very simple
straight forward way.

regards,
dan carpenter


More information about the lustre-devel mailing list