[netatalk-admins] 1.4b2 (with Volumesize Patch) or +Asun Patch


Subject: [netatalk-admins] 1.4b2 (with Volumesize Patch) or +Asun Patch
From: Patrik Schindler (poc@pocnet.net)
Date: Sun May 17 1998 - 18:16:04 EDT


Hi there!

I'm running Linux Kernel 2.0.33/libc 5.4.23 and Netatalk 1.4b2+asun2.0a18.2.

A BIG BIG warning for all who installed the Netatalk 1.4b2 with System 8 (CopyDoubler Patch) or ASun's Patches:

After scanning a remote volume with FileList (reads directories and their files and extracts version information if available) under System 7.5.5, my Syslog contained messages like these:

May 17 17:32:19 leela kernel: attempt to access beyond end of device
May 17 17:32:19 leela kernel: 08:12: rw=0, want=1145143375, limit=2029568
[...]
May 17 17:32:19 leela kernel: EXT2-fs warning (device 08:12): ext2_free_inode: bit already cleared for inode 80425
[...]
May 17 17:32:19 leela kernel: EXT2-fs warning (device 08:12): ext2_free_inode: bit already cleared for inode 80425
May 17 17:32:19 leela last message repeated 2 times
[...]
May 17 17:32:19 leela kernel: EXT2-fs warning (device 08:12): ext2_free_inode: bit already cleared for inode 80425
May 17 17:32:29 leela kernel: EXT2-fs warning (device 08:12): ext2_free_inode: bit already cleared for inode 80431
May 17 17:32:30 leela last message repeated 13 times
May 17 17:33:57 leela login[2078]: ROOT LOGIN ON TTY `ttyp3'
May 17 17:34:30 leela kernel: EXT2-fs warning (device 08:21): ext2_free_inode: bit already cleared for inode 123651
May 17 17:34:38 leela kernel: EXT2-fs warning (device 08:21): ext2_free_inode: bit already cleared for inode 123651

It may be of interest that the actual device nodes in /dev do NOT correspond to devices 8:12 or 8:21 (I have neither sda12 nor sdb5).

After fscking these filesystems (actual 8:18 and 8:33), they contained lots of errors. The first even had cross-linked files (I do NOT mean hardlinks). I don't have a log of these errors, but many directories have been "eaten"; I remember a comment "Inode has ... zero. This can happen with old kernel code" or something similar. Many entries "Entry .. in ??? blah blah...". The question marks were there!

Maybe somebody wants to fix this very ugly security hole of destroying unix FS via simply scanning a disk...

:wq! PoC
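
Added example, not part of the original post and not netatalk code: a small Python triage script that scans syslog text for the two kernel messages quoted above, re-joins lines wrapped at 80 columns, and decodes the device field. It assumes the kernel prints the device as hexadecimal major:minor, as Linux 2.0's kdevname() does; the function names are hypothetical and the sample lines are constructed from the log in the post.

```python
import re
from collections import Counter

# Sample input constructed from the log excerpt in the post, including
# the 80-column wrap that splits "bit" across two lines.
SAMPLE = """\
May 17 17:32:19 leela kernel: attempt to access beyond end of device
May 17 17:32:19 leela kernel: 08:12: rw=0, want=1145143375, limit=2029568
May 17 17:32:19 leela kernel: EXT2-fs warning (device 08:12): ext2_free_inode: b
it already cleared for inode 80425
May 17 17:33:57 leela login[2078]: ROOT LOGIN ON TTY `ttyp3'
May 17 17:34:30 leela kernel: EXT2-fs warning (device 08:21): ext2_free_inode: b
it already cleared for inode 123651
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
BEYOND = re.compile(r"kernel: ([0-9a-f]{2}):([0-9a-f]{2}): rw=(\d+), want=(\d+), limit=(\d+)")
EXT2 = re.compile(r"EXT2-fs (?:warning|error) \(device ([0-9a-f]{2}):([0-9a-f]{2})\): (.*)")

def unwrap(text):
    """Re-join continuation lines: anything not starting with a syslog timestamp."""
    out = []
    for line in text.splitlines():
        if out and not STAMP.match(line):
            out[-1] += line
        else:
            out.append(line)
    return out

def dev(major_hex, minor_hex):
    """Assumption: device IDs are printed as hex major:minor (Linux 2.0 kdevname)."""
    return int(major_hex, 16), int(minor_hex, 16)

def triage(text):
    """Return (out-of-range accesses, per-device EXT2 message counts)."""
    reads, warnings = [], Counter()
    for line in unwrap(text):
        m = BEYOND.search(line)
        if m:
            reads.append({"dev": dev(m[1], m[2]), "want": int(m[4]), "limit": int(m[5])})
            continue
        m = EXT2.search(line)
        if m:
            warnings[dev(m[1], m[2])] += 1
    return reads, warnings

if __name__ == "__main__":
    reads, warnings = triage(SAMPLE)
    print(reads, dict(warnings))
```

Under that hexadecimal assumption, the logged 08:12 and 08:21 decode to decimal 8:18 and 8:33.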


