[18572] in bugtraq
Re: major security bug in reiserfs (may affect SuSE Linux)
daemon@ATHENA.MIT.EDU (Mark Glines)
Fri Jan 12 13:04:08 2001
Message-Id: <20010110192257.A5762@paranoid.dyn.dhs.org>
Date: Wed, 10 Jan 2001 19:22:57 -0800
Reply-To: Mark Glines <paranoid@deathsdoor.com>
From: Mark Glines <paranoid@DEATHSDOOR.COM>
X-To: Andreas Ferber <af@DEVCON.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010110185033.C28371@kallisto.home>; from af@DEVCON.NET on Wed,
Jan 10, 2001 at 06:50:33PM +0100

On Wed, Jan 10, 2001 at 06:50:33PM +0100, Andreas Ferber wrote:
> Hi,
>
> Could not reproduce it on Linux 2.4.0 with ReiserFS 3.6.24.
>
> But I found some other strange things (everything tested on the
> abovementioned versions):
>
> If you start increasing the directory name length, everything works
> fine up to 3377 characters, as is with a length greater than 4032
> (mkdir says "File name to long" then).
>
> But if you choose a length between (including) 3378 and 4032, weird
> things happen: "ls" and "echo *" no longer show the directory (the
> directory is certainly there as you can "cd" into it and "pwd"
> correctly shows it). If the length is smaller than 3922, you can still
> show the directory with "find -maxdepth 1" (longer names even
> disappear from find).
>
> Also sometimes other entries in the directory you were creating the
> overlong name in start disappearing from ls. The only system I could
> find till now is for filename length <3922 that all files showing up
> in the find output after the long name are not shown by ls (the
> position changes if you change the name length, but for one particular
> length it is constant if you remove and recreate the directory several
> times).

Hi! I'm running Linux 2.4.0 with reiserfs 3.6.24 as well, and I was
not able to find any problems with long directory names whatsoever,
neither the original advisory (regarding kernel Oopsen) nor yours
(regarding hidden directories over a certain length). The only thing I
was able to verify was that the kernel does yield a "File name too long"
error. Other than that, everything worked perfectly, including bash's
* and <tab> completion, ls, find and anything else I tried.

My guess is perhaps this is a glibc problem? You were using glibc 2.1.3,
I am running glibc 2.2, and cannot reproduce this at all.

Your thoughts?

--
Paranoid
Wielder of Sporks
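
The length sweep discussed in this thread, written out as an added shell example that is not part of the original message: for each name length it creates the directory and checks whether access by path, `ls`, a shell glob and `find -maxdepth 1` all agree that it exists. The function name `probe_len`, the `SCRATCH` variable and the result strings are assumptions made for this example.

```shell
#!/bin/bash
# Added example; probe_len and its result strings are names chosen here.

# probe_len DIR LEN
# Create a directory with a LEN-character name inside DIR, then compare the
# views mentioned in the thread: access by path ("cd"), ls, shell glob
# ("echo *") and "find -maxdepth 1". Prints "rejected", "visible", or
# "hidden-from:" followed by the views that failed to show the entry.
probe_len() {
    dir="$1"; n="$2"; hidden=""; globbed=no
    name=$(head -c "$n" /dev/zero | tr '\0' 'a')
    if ! mkdir "$dir/$name" 2>/dev/null; then
        echo "rejected"            # e.g. "File name too long"
        return 0
    fi
    if ! [ -d "$dir/$name" ]; then hidden="$hidden,path"; fi
    if ! ls -a "$dir" | grep -Fxq -- "$name"; then hidden="$hidden,ls"; fi
    for entry in "$dir"/*; do
        if [ "$entry" = "$dir/$name" ]; then globbed=yes; fi
    done
    if [ "$globbed" = no ]; then hidden="$hidden,glob"; fi
    if ! find "$dir" -maxdepth 1 | grep -Fxq -- "$dir/$name"; then
        hidden="$hidden,find"
    fi
    rmdir "$dir/$name" 2>/dev/null || true
    if [ -z "$hidden" ]; then
        echo "visible"
    else
        echo "hidden-from:${hidden#,}"
    fi
}

# Sweep the boundary lengths reported in the thread. Set SCRATCH to a
# directory on the filesystem under test; the default is the temp directory.
scratch=$(mktemp -d "${SCRATCH:-${TMPDIR:-/tmp}}/lenprobe.XXXXXX")
for len in 255 3377 3378 3921 3922 4032 4033; do
    printf '%5d  %s\n' "$len" "$(probe_len "$scratch" "$len")"
done
rmdir "$scratch"
```

Any line reporting `hidden-from:` means a successful `mkdir` produced an entry that at least one enumeration path does not return, which is the inconsistency described in the quoted report.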