Announcement

Collapse
No announcement yet.

Security Problem Discovered In Btrfs File-System

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security Problem Discovered In Btrfs File-System

    Phoronix: Security Problem Discovered In Btrfs File-System

    A hash-based denial-of-service attack vulnerability has been discovered for the Btrfs, the next-generation Linux file-system...

    http://www.phoronix.com/vr.php?view=MTI1MjU

  • #2
    Welcome to the next generation, where Linux won't have anything like ZFS for another decade...

    Comment


    • #3
      Completely natural reaction as beta software becomes more available and first adapters discover first real-life bugs.
      This was same with Linux.

      Originally posted by Cthulhux View Post
      Welcome to the next generation, where Linux won't have anything like ZFS for another decade...
      You make BSD look like trash can. Is it your original goal? Congratulate you on achievement?

      First - ZFS is Solaris exclusive and only ported to BSD.
      Second - ZFS inferior to BTRFS in many operations.
      Third - ZFS is different and for different scale, many complexities are excessive for different systems. ZFS is meant for datacenters.
      Four - Linux has ZFS port, just as BSD.
      Five - ZFS also had bugs. Its software.
      Six - ZFS also has limitations.
      Seven - ZFS developers very very rarely accept patches to improve its "desktop" usage. See (3).

      The only fact is that ZFS is purposely not compatible to GPL.
      Should ZFS have used GPL license, you would post "Welcome to next generation, where filesystems choose stupid license as usual" instead.

      Your trolling is weak, predictable and self-damaging.
      Last edited by crazycheese; 12-14-2012, 07:54 PM.

      Comment


      • #4
        Originally posted by crazycheese View Post
        You make BSD look like trash can.
        A trash can with ZFS, at least.

        Originally posted by crazycheese View Post
        Second - ZFS inferior to BTRFS in many operations.
        Superior in others.

        Originally posted by crazycheese View Post
        Four - Linux has ZFS port, just as BSD.
        ... FUSE-based, thus (technically) entirely different.

        Originally posted by crazycheese View Post
        Your trolling is weak, predictable and self-damaging.
        Naming facts - no kernel-side ZFS on Linux - is trolling? Ah.

        Comment


        • #5
          Originally posted by Cthulhux View Post
          Naming facts - no kernel-side ZFS on Linux - is trolling? Ah.
          Actually there's a ZFS on Linux project that is quite active. It was discussed quite a bit at ZFS Day too.

          Comment


          • #6
            Oh. Hm. Discard my previous comments.

            Comment


            • #7
              First - ZFS is Solaris exclusive and only ported to BSD.
              https://en.wikipedia.org/wiki/ZFS#Comparisons

              ┐Was that hard to even take a look at Wikipedia? Some other OS that have the porting underway are missing from there.

              Second - ZFS inferior to BTRFS in many operations.
              Third - ZFS is different and for different scale, many complexities are excessive for different systems. ZFS is meant for datacenters.
              Four - Linux has ZFS port, just as BSD.
              Five - ZFS also had bugs. Its software.
              Six - ZFS also has limitations.
              Seven - ZFS developers very very rarely accept patches to improve its "desktop" usage. See (3).
              Please, back up your claims and dont make empty statements that revolves around "something" that isn't well stated and elaborated.
              Thank you.

              ... FUSE-based, thus (technically) entirely different.
              The FUSE port is not the only one ... http://zfsonlinux.org/
              But if your ask me ... I wouldn't trust that piece of software yet.

              Comment


              • #8
                BTFRS and Desktop

                Originally posted by phoronix View Post
                Phoronix: Security Problem Discovered In Btrfs File-System

                A hash-based denial-of-service attack vulnerability has been discovered for the Btrfs, the next-generation Linux file-system...

                http://www.phoronix.com/vr.php?view=MTI1MjU
                I don't see any problem with desktop use. I actually like btfrs for what it provides me. My desktop does not run a server so, the exercise to create a DOS by hash collides is not something I will ever meet.

                Comment


                • #9
                  Good point, lsatenstein. Here's what you miss:
                  http://rudd-o.com/linux-and-free-sof...ter-than-btrfs

                  Comment


                  • #10
                    Originally posted by phoronix View Post
                    Phoronix: Security Problem Discovered In Btrfs File-System

                    A hash-based denial-of-service attack vulnerability has been discovered for the Btrfs, the next-generation Linux file-system...

                    http://www.phoronix.com/vr.php?view=MTI1MjU
                    Seriously? this is neither a 'denial of service attack' nor a 'vulnerability' -

                    A 'denial of service attack' allows a remote (non-local) user to prevent a computer from operating normally.

                    This is like saying that since users can fill up disk drives, that the filesystems have 'a vulnerability' -

                    Since there is no security risk, there is no 'vulnerability'

                    This is just a *bug* in software that is basically in beta state, which is to be expected.

                    But much easier to spin it as a security issue on the security lists and get some free press,
                    all the while making yourself into a 'security expert' for finding this 'security issue'

                    Comment


                    • #11
                      This hashing attack isn't unique to btfs, is it? This was in the news earlier, unless protected, hashing algorithms seem to have a vunerability to the DDOS.

                      Comment


                      • #12
                        Originally posted by Cthulhux View Post
                        Good point, lsatenstein. Here's what you miss:
                        http://rudd-o.com/linux-and-free-sof...ter-than-btrfs


                        I don't know when that was written but it's a bit out of date. Btrfs has at least one of the features (send/receive) that he said they were only working on. Also, according to the btrfs wiki, they do use barriers for writes which is how that post claimed zfs achieved atomicity (I would think you'd need more than just barriers to support atomicity, but, at any rate, since btrfs is cow, atomicity shouldn't be so important).
                        I would guess there's not a lot of substance to that post.

                        Comment


                        • #13
                          I don't know what distribution CRC32 provides, but isn't a good thing for FS to refuse Collision files to be created after some small threshold. After all, collisions are not ment to be in big volume, and if they are this obviously is an attack.

                          Comment


                          • #14
                            Originally posted by vertexSymphony View Post
                            https://en.wikipedia.org/wiki/ZFS#Comparisons
                            ┐Was that hard to even take a look at Wikipedia? Some other OS that have the porting underway are missing from there.
                            Was that hard to even use Wikipedia properly?
                            "ZFS was designed and implemented by a team at Sun led by Jeff Bonwick and Matthew Ahrens. It was announced on September 14, 2004,[5] but development started in 2001.[6] Source code for ZFS was integrated into the main trunk of Solaris development on October 31, 2005[7] and released as part of build 27 of OpenSolaris on November 16, 2005. Sun announced that ZFS was included in the 6/06 update to Solaris 10 in June 2006, one year after the opening of the OpenSolaris community."

                            Is this hard to understand "ZFS was Solaris exclusive"? Can you distinguish "original platform" and "port platform"? I am sure you can.
                            Sun made it. Sun was author of Solaris. This is very illogical,no?

                            Originally posted by vertexSymphony View Post
                            Please, back up your claims and dont make empty statements that revolves around "something" that isn't well stated and elaborated.
                            Thank you.
                            Ok sir, you asked for it, so better stand back.
                            First - ZFS is Solaris exclusive and only ported to BSD.
                            Second - ZFS inferior to BTRFS in many operations. Many times it looses because its just too complex. Other times it looses due to design. It is more polished, but it is different. Compare FAT32 with EXT4 in data ordered mode - you get equal numbers, EXT4 will loose. Is this bad? No.
                            Third - ZFS is different and for different scale, many complexities are excessive for different systems. ZFS is meant for datacenters. You want to use ZFS only if you fear bit-rot, but the performance will be abysmal and most features will simply be outside of scope of desktop usage. Datacenters have plenty of raw performance, they need security, so they trade (excessive) performance for security.
                            Four - Linux has ZFS port, just as BSD.
                            Five - ZFS also had bugs. Its software.
                            Six - ZFS also has limitations.
                            Seven - ZFS developers very very rarely accept patches to improve its "desktop" usage.
                            The only fact is that ZFS is purposely not compatible to GPL.
                            Last edited by crazycheese; 12-15-2012, 05:06 AM.

                            Comment


                            • #15
                              It is very true that ZFS isn't very good for desktop usage.
                              btrfs is much more universal.

                              Comment

                              Working...
                              X