Summary of responses:
-----------------------------------------
From: Allen Bolderoff <[EMAIL PROTECTED]>
latest reiserfs patches and 2.4 kernel is fine here
------------------------------------------------------
From: "Brandon S. Allbery KF8NH" <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]> wrote:
+-----
| I can't reproduce this.
+--->8
I've just tried it on stock SuSE 6.4 and 7.0 and also cannot reproduce it.
---------------------------------------------
From: "John H. Robinson, IV" <[EMAIL PROTECTED]>
[jaqque@osiris:/tmp/chk]% uname -a
Linux osiris 2.2.18 [classified] Sat Jan 6 11:19:04 PST 2001 i586 unknown
[jaqque@osiris:/tmp/chk]% mkdir "$(perl -e 'print "x" x 768')"
no oops, but a directory that cannot be removed.
linux kernel 2.2.18 with reiserfs-3.5.29 patch
---------------------------
From: [EMAIL PROTECTED]
No oops maybe, BUT if you set up an evil script to make so many that the various kernel
structures got too full (or it filled the whole partition/disk up) then....
And at 650MHz my computer could do that quite easily...
----------------------------------------------
From: Torge Szczepanek <[EMAIL PROTECTED]>
I tested it under a fresh install of Suse Linux 7.0 using the Suse Linux
7.0 Standard kernel Version 2.2.16 (includes ReiserFS version 3.5.23).
I could not reproduce a kernel oops.
------------------------------------
From: Dj-Ohki <[EMAIL PROTECTED]>
I've tried this on my machines, both over NFS and local reiserfs mounted
dirs. Both machines are running 2.4.0-test7 with reiserfs 3.6.14. It
seems not to manifest in this version.
--------------------------------------------
From: Maarten Bukkems <[EMAIL PROTECTED]>
Kernel 2.4.0-test11, reiserfs 3.6.19 on SuSE 6.4 doesn't seem to be
vulnerable. (even tried with 2048 chars .. no problem at all)
-----------------------------------
From: Dirk Mueller <[EMAIL PROTECTED]>
If it helps, I'm using 2.2.18+reiserfs-3.5.29+ide-dma patch and I cannot
reproduce ANYTHING said in the referred message. It works perfectly fine.
I was using gcc 2.95.2 to compile the kernel.
------------------------------
From: [EMAIL PROTECTED]
ReiserFS 3.6.24 (kernel 2.4.0ac4) doesn't seem vulnerable to this attack.
No segfault, no kernel oops and proper operations.
But after having discovered such a vulnerability, ReiserFS definitely
needs an audit, because other exploitable buffer overflows may still be
with us in 3.6.x.
readdir() doesn't find the xxxxxxx directory. rm -r x* would give you
ENOENT.
Tests show that such a directory can successfully be created, accessed (cd
"$(perl -e 'print "x" x 4032')"), chmod'ed, renamed and deleted. But
readdir() on the parent directory fails to find it. However it may be a
ReiserFS bug (improper file length limitation) or a VFS bug (unable to deal
with such long names).
----------------------------------------------------------------------
From: Magosányi Árpád <[EMAIL PROTECTED]>
Negative. What versions is it reproducible on?
kernel: 2.4.0
disk format: 3.5.x
reiserfs version: 3.6.24
> While this individual bug might be easy to fix, we believe that other,
> similar bugs should be easy to find so reiserfs should not be trusted (it
> shouldn't be trusted to full user access for other reasons anyway, but it
> is still widely used).
>
Could you elaborate on it?
------------------------------
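
The following is an added example, not code from any poster in this thread: a Python check that an administrator could run against a mount point to see how the filesystem treats over-long directory names, classifying the outcomes reported above (name rejected, entry missing from readdir(), directory that cannot be removed). The function names and the scratch-directory approach are assumptions of this example; the lengths 768, 2048 and 4032 are the ones mentioned in the responses.

```python
import errno
import os
import sys
import tempfile


def name_max(parent):
    """Longest file name (in bytes) the filesystem under `parent` claims to allow."""
    return os.pathconf(parent, "PC_NAME_MAX")


def check_long_name(parent, length):
    """Create a directory named 'x' * length under `parent` and classify the result."""
    name = "x" * length
    path = os.path.join(parent, name)
    try:
        os.mkdir(path)
    except OSError as exc:
        if exc.errno == errno.ENAMETOOLONG:
            return "rejected"            # the expected answer beyond NAME_MAX
        raise
    # The entry exists; a consistent filesystem must also list it.
    listed = name in os.listdir(parent)
    try:
        os.rmdir(path)
    except OSError:
        return "unremovable"             # as reported for 2.2.18 + 3.5.29
    return "ok" if listed else "hidden-from-readdir"


def survey(parent, lengths):
    """Run check_long_name for each length and return {length: outcome}."""
    return {n: check_long_name(parent, n) for n in lengths}


if __name__ == "__main__":
    # Usage: script.py [directory on the filesystem to examine]
    target = sys.argv[1] if len(sys.argv) > 1 else None
    with tempfile.TemporaryDirectory(dir=target) as scratch:
        limit = name_max(scratch)
        print("NAME_MAX reported:", limit)
        for n, outcome in survey(scratch, [limit, 768, 2048, 4032]).items():
            flag = "" if outcome in ("ok", "rejected") else "  <-- inconsistent"
            print(f"{n:5d} bytes: {outcome}{flag}")
```

Any outcome other than "ok" at or below the reported NAME_MAX, or "rejected" above it, means the filesystem accepted a name it cannot handle consistently.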