• Eric Sandeen's avatar
    ext[234]: Avoid printk floods in the face of directory corruption (CVE-2008-3528) · d7b1831d
    Eric Sandeen authored
    This is a trivial backport of the following upstream commits:
    
    - bd39597c (ext2)
    - cdbf6dba (ext3)
    - 9d9f1775 (ext4)
    
    This addresses CVE-2008-3528
    
    ext[234]: Avoid printk floods in the face of directory corruption
    
    Note: some people thinks this represents a security bug, since it
    might make the system go away while it is printing a large number of
    console messages, especially if a serial console is involved.  Hence,
    it has been assigned CVE-2008-3528, but it requires that the attacker
    either has physical access to your machine to insert a USB disk with a
    corrupted filesystem image (at which point why not just hit the power
    button), or is otherwise able to convince the system administrator to
    mount an arbitrary filesystem image (at which point why not just
    include a setuid shell or world-writable hard disk device file or some
    such).  Me, I think they're just being silly. --tytso
    Signed-off-by: default avatarEric Sandeen <sandeen@redhat.com>
    Signed-off-by: default avatar"Theodore Ts'o" <tytso@mit.edu>
    Cc: linux-ext4@vger.kernel.org
    Cc: Eugene Teo <eugeneteo@kernel.sg>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
    d7b1831d
dir.c 17.6 KB