Announcement

Collapse
No announcement yet.

Security Problem Discovered In Btrfs File-System

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    This hashing attack isn't unique to btfs, is it? This was in the news earlier, unless protected, hashing algorithms seem to have a vunerability to the DDOS.

    Comment


    • #12
      Originally posted by Cthulhux View Post
      Good point, lsatenstein. Here's what you miss:
      http://rudd-o.com/linux-and-free-sof...ter-than-btrfs


      I don't know when that was written but it's a bit out of date. Btrfs has at least one of the features (send/receive) that he said they were only working on. Also, according to the btrfs wiki, they do use barriers for writes which is how that post claimed zfs achieved atomicity (I would think you'd need more than just barriers to support atomicity, but, at any rate, since btrfs is cow, atomicity shouldn't be so important).
      I would guess there's not a lot of substance to that post.

      Comment


      • #13
        I don't know what distribution CRC32 provides, but isn't a good thing for FS to refuse Collision files to be created after some small threshold. After all, collisions are not ment to be in big volume, and if they are this obviously is an attack.

        Comment


        • #14
          Originally posted by vertexSymphony View Post
          https://en.wikipedia.org/wiki/ZFS#Comparisons
          ?Was that hard to even take a look at Wikipedia? Some other OS that have the porting underway are missing from there.
          Was that hard to even use Wikipedia properly?
          "ZFS was designed and implemented by a team at Sun led by Jeff Bonwick and Matthew Ahrens. It was announced on September 14, 2004,[5] but development started in 2001.[6] Source code for ZFS was integrated into the main trunk of Solaris development on October 31, 2005[7] and released as part of build 27 of OpenSolaris on November 16, 2005. Sun announced that ZFS was included in the 6/06 update to Solaris 10 in June 2006, one year after the opening of the OpenSolaris community."

          Is this hard to understand "ZFS was Solaris exclusive"? Can you distinguish "original platform" and "port platform"? I am sure you can.
          Sun made it. Sun was author of Solaris. This is very illogical,no?

          Originally posted by vertexSymphony View Post
          Please, back up your claims and dont make empty statements that revolves around "something" that isn't well stated and elaborated.
          Thank you.
          Ok sir, you asked for it, so better stand back.
          First - ZFS is Solaris exclusive and only ported to BSD.
          Second - ZFS inferior to BTRFS in many operations. Many times it looses because its just too complex. Other times it looses due to design. It is more polished, but it is different. Compare FAT32 with EXT4 in data ordered mode - you get equal numbers, EXT4 will loose. Is this bad? No.
          Third - ZFS is different and for different scale, many complexities are excessive for different systems. ZFS is meant for datacenters. You want to use ZFS only if you fear bit-rot, but the performance will be abysmal and most features will simply be outside of scope of desktop usage. Datacenters have plenty of raw performance, they need security, so they trade (excessive) performance for security.
          Four - Linux has ZFS port, just as BSD.
          Five - ZFS also had bugs. Its software.
          Six - ZFS also has limitations.
          Seven - ZFS developers very very rarely accept patches to improve its "desktop" usage.
          The only fact is that ZFS is purposely not compatible to GPL.
          Last edited by crazycheese; 15 December 2012, 06:06 AM.

          Comment


          • #15
            It is very true that ZFS isn't very good for desktop usage.
            btrfs is much more universal.

            Comment


            • #16
              Originally posted by crazycheese View Post
              First - ZFS is Solaris exclusive and only ported to BSD.
              Solaris has the best implementation and FreeBSD has the best port, but ZFS is by no means Solaris-exclusive. There are dozens of operating systems that support it if you consider each distribution to be a different OS. In specific, the following major operating system families have some level of ZFS support:

              Darwin
              FreeBSD
              Linux
              NetBSD
              Solaris/Illumos
              Windows NT

              Originally posted by crazycheese View Post
              Second - ZFS inferior to BTRFS in many operations.
              Would you name some?

              Originally posted by crazycheese View Post
              Third - ZFS is different and for different scale, many complexities are excessive for different systems. ZFS is meant for datacenters.
              The same could be said for Linux, yet people who use Linux on desktops would disagree. Similarly, people who use ZFS on desktops (such as myself) would disagree. Having used ZFS on my desktop, I consider it to be the best filesystem available for systems that run mainstream Linux distributions and I strongly encourage its use.

              Originally posted by crazycheese View Post
              Six - ZFS also has limitations.
              Do these limitations include Denial of Service? I have managed to hang systems that use a combination of ext4, CFQ and discard. I have yet to hang a system using ZFS outside of situations that involve experimental patches.

              Originally posted by crazycheese View Post
              Seven - ZFS developers very very rarely accept patches to improve its "desktop" usage. See (3).
              Would you elaborate on that? I have written dozens of patches to improve the ZFS Linux port that resulted in changes to the upstream repository. All of them were developed on my desktop.

              Originally posted by crazycheese View Post
              The only fact is that ZFS is purposely not compatible to GPL.
              What is your point? The GPL is purposely incompatible with a wide range of licenses. In the case of the CDDL, the incompatibility only affects distribution of a kernel binary containing ZFS.

              Originally posted by pankkake View Post
              It is very true that ZFS isn't very good for desktop usage.
              Would you elaborate? People usually tell me that using ZFS as their rootfs makes their computers perform faster. That has been my experience.

              Originally posted by pankkake View Post
              btrfs is much more universal.
              How can btrfs be more universal than ZFS when it is limited to Linux?
              Last edited by ryao; 15 December 2012, 04:10 PM.

              Comment


              • #17
                Originally posted by crazycheese View Post
                Was that hard to even use Wikipedia properly?
                "ZFS was designed and implemented by a team at Sun led by Jeff Bonwick and Matthew Ahrens. It was announced on September 14, 2004,[5] but development started in 2001.[6] Source code for ZFS was integrated into the main trunk of Solaris development on October 31, 2005[7] and released as part of build 27 of OpenSolaris on November 16, 2005. Sun announced that ZFS was included in the 6/06 update to Solaris 10 in June 2006, one year after the opening of the OpenSolaris community."

                Is this hard to understand "ZFS was Solaris exclusive"? Can you distinguish "original platform" and "port platform"? I am sure you can.
                Sun made it. Sun was author of Solaris. This is very illogical,no?
                Then make up your mind with this statement:

                Originally posted by crazycheese View Post
                First - ZFS is Solaris exclusive and only ported to BSD.
                Note: I added the bold/underline

                ZFS was conceived in Solaris (d'oh !), but not exclusive of this platform ... even if you "only ported to BSD" is still wrong, you say the opposite you said before with the "exclusive".

                I SEE WHAT YOU DID THERE

                First of all, Wikipedia is outdated in some areas regarding ZFS.
                Second → I'm sorry, but BSD is not an OS (I'll take it as a OS family) ... and again

                With only this, I invalidate your point → http://zfsonlinux.org/
                With this too → http://code.google.com/p/maczfs/
                Again, with this too → https://www.haiku-os.org/tags/zfs
                Also this → https://duckduckgo.com/?q=IllumOS

                Not counting the different *BSD systems.
                I prefer to talk about the community and free ZFS, not the Oracle's one ... ty very much

                Second - ZFS inferior to BTRFS in many operations. Many times it looses because its just too complex. Other times it looses due to design. It is more polished, but it is different. Compare FAT32 with EXT4 in data ordered mode - you get equal numbers, EXT4 will loose. Is this bad? No.
                First of all, citing a benchmark from Michael Larabel is something I always "take with tweezers"
                Michael is well known for his "well" and badly done benchmarks mostly because he had no formation on what he was benchmarking ... I remember a really horribly made benchmark (in fact, if my memory doesn't fail in one of the "benchmarks" he didn't use the same hardware) that ended up in a flame war in the mailing lists and this wiki page was born from that: http://wiki.freebsd.org/BenchmarkAdvice

                That article FROM 2010 lacks information about OS, configuration, specific filesystem configurations and some extra information to actually extract something meaninful from these numbers ... sorry, can't take that seriously, but those are cute colored graphs nonetheless
                When it comes to linux graphical stack benchs, some people here also remembers horribly done benchmarks ...

                Do you have anything with a little bit more substance?

                Third - ZFS is different and for different scale, many complexities are excessive for different systems. ZFS is meant for datacenters. You want to use ZFS only if you fear bit-rot, but the performance will be abysmal and most features will simply be outside of scope of desktop usage. Datacenters have plenty of raw performance, they need security, so they trade (excessive) performance for security.
                ?Abysmal performance? Please, explain me that point because I recognize that the lack of block pointer rewrite is a hit on the performance (that's being worked out) on low space situations ... but tools like external ZIL or cache devices makes a worlds of difference in performance when you have multiple devices (SSDs included) in your hands.

                btrfs doesn't have anything like this (even if we ignore that we are talking about an unstable filesystem) ... if I'm mistaken, please provide me proper information.

                I use ZFS on my desktop, and I can assure you that my computer is not a datacenter ... some people use it even in lower end hardware and more constrained situation with no issues.
                Of course, you won't exploit the full potential of ZFS without proper gear; but that's another story that also applies to other filesystems

                Yes and no ... It's a port, correct.
                But platorm is properly abstracted and the "core" of the filesystem is VERY portable that's why the feature flags were introduced in the first place.



                Agreed.
                But we are talking about whole worlds of differences between btrfs and ZFS when it comes to testing.

                Yes ... it was conceived 11 years ago aprox.

                While the ZFS community may care about solving this problem, it's not the highest priority for Sun's customers and, therefore, for the ZFS team.
                That's something from the Sun era ... the development of ZFS changed a lot since that time.
                Have something more recent?

                Licensing discussions, don't really like them ... short story is YES, you're right.


                Regards

                Comment


                • #18
                  Originally posted by pankkake View Post
                  It is very true that ZFS isn't very good for desktop usage.
                  Why, because of memory usage?

                  Comment


                  • #19
                    Originally posted by ryao View Post
                    Solaris has the best implementation and FreeBSD has the best port, but ZFS is by no means Solaris-exclusive. There are dozens of operating systems that support it if you consider each distribution to be a different OS. In specific, the following major operating system families have some level of ZFS support:

                    Darwin
                    FreeBSD
                    Linux
                    NetBSD
                    *** Edit: this one is wrong here **** Solaris/Illumos
                    Windows NT
                    These are PORTS.
                    ZFS was developed for Solaris and so its Solaris exclusive FS, same as XFS to Iris. There are many PORTS of XFS, including port to Linux, but it communicates via interface, which is Iris specific. It is not rewritten FS for, say, Linux. Same ZFS.
                    Original claim to post I answered was "Oh, Linux sucks because it doesn't have ZFS" [.. and BSD rocks because it has ZFS].
                    The essence is that ZFS was developed for and is truly native only on Solaris. I have nothing against ports btw.

                    Originally posted by ryao View Post
                    Would you name some?
                    Click the link in post please.

                    Originally posted by ryao View Post
                    Do these limitations include Denial of Service? I have managed to hang systems that use a combination of ext4, CFQ and discard. I have yet to hang a system using ZFS outside of situations that involve experimental patches.
                    Never claimed that ZFS is DoS secure, nor stated that BTFS is riper that ZFS.

                    Originally posted by ryao View Post
                    The same could be said for Linux, yet people who use Linux on desktops would disagree. Similarly, people who use ZFS on desktops (such as myself) would disagree. Having used ZFS on my desktop, I consider it to be the best filesystem available for systems that run mainstream Linux distributions and I strongly encourage its use.
                    How much hundred terrabytes your cluster has? Or you use it due to bit-rot protection? Whats the reason you prefer slower FS, compared to EXT4 and BTRFS with LZO?

                    Originally posted by ryao View Post
                    Would you elaborate on that? I have written dozens of patches to improve the ZFS Linux port that resulted in changes to the upstream repository. All of them were developed on my desktop.
                    So you are ZFS port developer and this is your point to have ZFS on Linux? What is your view on ZFS license? Why don't you develop BTFS instead?

                    Originally posted by ryao View Post
                    What is your point? The GPL is purposely incompatible with a wide range of licenses. In the case of the CDDL, the incompatibility only affects distribution of a kernel binary containing ZFS.
                    CDDL was designed to be incompatible with GPL. GPL is much older. There is no point in reinventing same license, but with just a small difference - exactly to be able to sabotage GPL ans claim GPL is incompatible.
                    ZFS is ideal flagship for this. Once Sun went down, its stupid engineers decided to take revenge a la DirectX vs OpenGL and arm the ZFS with bomb license.
                    If Sun really cared, they would dual-license or grant exception, but no - they purposely take revenge .. against own stupidity.

                    Originally posted by ryao View Post
                    Would you elaborate? People usually tell me that using ZFS as their rootfs makes their computers perform faster. That has been my experience.
                    I have not tested ZFS vs BTRFS personally, because I am more than comfortable with EXT4.
                    The only way to prove "faster" claim is to do PTS tests.

                    Originally posted by ryao View Post
                    How can btrfs be more universal than ZFS when it is limited to Linux?
                    BTRFS is free to port away, just as ZFS, and it does not have stupid CDDL license. This makes it more universal.

                    Comment


                    • #20
                      Originally posted by crazycheese View Post
                      BTRFS is free to port away, just as ZFS, and it does not have stupid CDDL license. This makes it more universal.
                      Please correct me if I'm wrong but to my understanding BTRFS is heavily tied to Linux. This is due to fact that it uses a lot of the already existing Linux specific functionality instead of implementing those itself. ZFS then again does almost everything itself and therefore is more easily portable. I doubt we will ever see BTRFS on any other operating system a side from Linux.

                      Comment

                      Working...
                      X