Re: Modified floppies can crash Linux (fwd)

T Taneli Vahakangas (vahakang@cs.Helsinki.FI)
Tue, 24 Mar 1998 16:26:45 +0200 (EET)


On Tue, 24 Mar 1998, KiloByte wrote:

> Hi!
>
> I found a bug in VFAT filesystem. After posting a message to bugtraq, I
> was told to send it here, too.
>
> >You should send this to the linux kernel list, they'll probably fix it in
> >an upcoming release. Perhaps if 2.2 ever comes out? ;)
> >
> >The address is linux-kernel@vger.rutgers.edu
>
> My original message:
> > Hi!
> > While playing with file allocation tables, I noticed that if a FAT volume
> > (eg. a floppy) with looped allocation chain is being read under Linux, the
> > system stops responding and cannot be recovered to a working state without
> > a hardware reboot.
> > This bug is not-so-useful for performing Denial-Of-Service attacks (if an
> > evildoer managed to put a floppy into your computer, why won't he just
> > press the power switch?), although he can leave a modified floppy on your
> > desk. It is sufficient to just ls that floppy.
> >
> > Sample exploit is at http://rainbow.mimuw.edu.pl/~ab171958/FAT.html#Linux
> >
> > I tested this exploit on kernel versions 2.0.30, 2.0.31 and 2.0.32, it
> > always works.
> Someone else mentioned that this bug can be dangerous if a computer
> running Linux has also a FAT partition.

I suffered from the same problem with a VFAT partition. I read the kernel
source for hours to find the problem and eventually found it: corrupted
FS. Sadly, win95 DiskScan was unable to fix the bug (AFAIR it was the
infinite dir. problem, 1.6G long directory on a 1.2G partition... Linux
went to read all the sectors beyond end of device). Even worse, that
partition was on the list which updatedb scanned nightly :( I got it fixed
with chkdsk (under dos, is there a fsck.vfat?)

However, I didn't think it was the kernel's fault: you really _should_
fsck your fs's before mounting. I'm not sure how this should be solved;
doesn't ext2 panic if a similarly fatal corruption is encountered?

A quick fix (for floppies at least) is to use mtools, which is a
user-space program.

Taneli <vahakang@cs.helsinki.fi>
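
Added example, not part of the original message and not kernel code: a C routine showing how a FAT reader can bound chain traversal so that a looped chain or a link pointing past the end of the volume is rejected instead of followed. It assumes the packed 12-bit FAT12 layout used on floppies; the names `fat12_walk`, `fat12_get`, `fat12_set` and `demo_walk` are hypothetical, and the sample table is constructed.

```c
#include <stddef.h>
#include <stdint.h>

enum { CHAIN_OK = 0, CHAIN_LOOP = -1, CHAIN_RANGE = -2 };

/* Read packed 12-bit FAT entry n (1.5 bytes per entry, little-endian). */
static unsigned fat12_get(const uint8_t *fat, unsigned n)
{
    unsigned w = fat[n + n / 2] | (fat[n + n / 2 + 1] << 8);
    return (n & 1) ? (w >> 4) : (w & 0x0FFF);
}

/* Write entry n; used only to build the constructed sample table below. */
static void fat12_set(uint8_t *fat, unsigned n, unsigned v)
{
    size_t off = n + n / 2;
    if (n & 1) {
        fat[off] = (uint8_t)((fat[off] & 0x0F) | ((v & 0x0F) << 4));
        fat[off + 1] = (uint8_t)(v >> 4);
    } else {
        fat[off] = (uint8_t)v;
        fat[off + 1] = (uint8_t)((fat[off + 1] & 0xF0) | ((v >> 8) & 0x0F));
    }
}

/* Follow a chain from `start`; data clusters are numbered 2..nclusters+1.
 * A sound chain visits each cluster at most once, so step nclusters+1 proves a loop. */
int fat12_walk(const uint8_t *fat, size_t fat_bytes, unsigned nclusters,
               unsigned start, unsigned *len)
{
    unsigned cur = start, steps = 0;
    for (;;) {
        if (cur < 2 || cur > nclusters + 1 ||
            (size_t)cur + cur / 2 + 1 >= fat_bytes)
            return CHAIN_RANGE;          /* free, reserved or beyond the volume */
        if (++steps > nclusters)
            return CHAIN_LOOP;           /* some cluster was visited twice */
        cur = fat12_get(fat, cur);
        if (cur >= 0xFF8) { *len = steps; return CHAIN_OK; }  /* end-of-chain mark */
    }
}

/* Constructed sample: chain 2 -> 3 -> 4 on an 8-cluster volume; `tail` is entry 4. */
int demo_walk(unsigned tail, unsigned *len)
{
    uint8_t fat[32] = {0};
    fat12_set(fat, 2, 3); fat12_set(fat, 3, 4); fat12_set(fat, 4, tail);
    return fat12_walk(fat, sizeof fat, 8, 2, len);
}
```

With `tail` set to an end-of-chain value the walk returns the chain length; with `tail` pointing back at cluster 2 it stops after at most `nclusters` steps instead of spinning.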
