Announcement

Collapse
No announcement yet.

Security Problem Discovered In Btrfs File-System

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • LightBit
    replied
    Originally posted by pankkake View Post
    It is very true that ZFS isn't very good for desktop usage.
    Why, because of memory usage?

    Leave a comment:


  • vertexSymphony
    replied
    Originally posted by crazycheese View Post
    Was that hard to even use Wikipedia properly?
    "ZFS was designed and implemented by a team at Sun led by Jeff Bonwick and Matthew Ahrens. It was announced on September 14, 2004,[5] but development started in 2001.[6] Source code for ZFS was integrated into the main trunk of Solaris development on October 31, 2005[7] and released as part of build 27 of OpenSolaris on November 16, 2005. Sun announced that ZFS was included in the 6/06 update to Solaris 10 in June 2006, one year after the opening of the OpenSolaris community."

    Is this hard to understand "ZFS was Solaris exclusive"? Can you distinguish "original platform" and "port platform"? I am sure you can.
    Sun made it. Sun was author of Solaris. This is very illogical,no?
    Then make up your mind with this statement:

    Originally posted by crazycheese View Post
    First - ZFS is Solaris exclusive and only ported to BSD.
    Note: I added the bold/underline

    ZFS was conceived in Solaris (d'oh !), but not exclusive of this platform ... even if you "only ported to BSD" is still wrong, you say the opposite you said before with the "exclusive".

    I SEE WHAT YOU DID THERE

    First of all, Wikipedia is outdated in some areas regarding ZFS.
    Second → I'm sorry, but BSD is not an OS (I'll take it as a OS family) ... and again

    With only this, I invalidate your point → http://zfsonlinux.org/
    With this too → http://code.google.com/p/maczfs/
    Again, with this too → https://www.haiku-os.org/tags/zfs
    Also this → https://duckduckgo.com/?q=IllumOS

    Not counting the different *BSD systems.
    I prefer to talk about the community and free ZFS, not the Oracle's one ... ty very much

    Second - ZFS inferior to BTRFS in many operations. Many times it looses because its just too complex. Other times it looses due to design. It is more polished, but it is different. Compare FAT32 with EXT4 in data ordered mode - you get equal numbers, EXT4 will loose. Is this bad? No.
    First of all, citing a benchmark from Michael Larabel is something I always "take with tweezers"
    Michael is well known for his "well" and badly done benchmarks mostly because he had no formation on what he was benchmarking ... I remember a really horribly made benchmark (in fact, if my memory doesn't fail in one of the "benchmarks" he didn't use the same hardware) that ended up in a flame war in the mailing lists and this wiki page was born from that: http://wiki.freebsd.org/BenchmarkAdvice

    That article FROM 2010 lacks information about OS, configuration, specific filesystem configurations and some extra information to actually extract something meaninful from these numbers ... sorry, can't take that seriously, but those are cute colored graphs nonetheless
    When it comes to linux graphical stack benchs, some people here also remembers horribly done benchmarks ...

    Do you have anything with a little bit more substance?

    Third - ZFS is different and for different scale, many complexities are excessive for different systems. ZFS is meant for datacenters. You want to use ZFS only if you fear bit-rot, but the performance will be abysmal and most features will simply be outside of scope of desktop usage. Datacenters have plenty of raw performance, they need security, so they trade (excessive) performance for security.
    ?Abysmal performance? Please, explain me that point because I recognize that the lack of block pointer rewrite is a hit on the performance (that's being worked out) on low space situations ... but tools like external ZIL or cache devices makes a worlds of difference in performance when you have multiple devices (SSDs included) in your hands.

    btrfs doesn't have anything like this (even if we ignore that we are talking about an unstable filesystem) ... if I'm mistaken, please provide me proper information.

    I use ZFS on my desktop, and I can assure you that my computer is not a datacenter ... some people use it even in lower end hardware and more constrained situation with no issues.
    Of course, you won't exploit the full potential of ZFS without proper gear; but that's another story that also applies to other filesystems

    Yes and no ... It's a port, correct.
    But platorm is properly abstracted and the "core" of the filesystem is VERY portable that's why the feature flags were introduced in the first place.

    http://svnweb.freebsd.org/base?view=...evision=236884

    Agreed.
    But we are talking about whole worlds of differences between btrfs and ZFS when it comes to testing.

    Yes ... it was conceived 11 years ago aprox.

    While the ZFS community may care about solving this problem, it's not the highest priority for Sun's customers and, therefore, for the ZFS team.
    That's something from the Sun era ... the development of ZFS changed a lot since that time.
    Have something more recent?

    Licensing discussions, don't really like them ... short story is YES, you're right.


    Regards

    Leave a comment:


  • ryao
    replied
    Originally posted by crazycheese View Post
    First - ZFS is Solaris exclusive and only ported to BSD.
    Solaris has the best implementation and FreeBSD has the best port, but ZFS is by no means Solaris-exclusive. There are dozens of operating systems that support it if you consider each distribution to be a different OS. In specific, the following major operating system families have some level of ZFS support:

    Darwin
    FreeBSD
    Linux
    NetBSD
    Solaris/Illumos
    Windows NT

    Originally posted by crazycheese View Post
    Second - ZFS inferior to BTRFS in many operations.
    Would you name some?

    Originally posted by crazycheese View Post
    Third - ZFS is different and for different scale, many complexities are excessive for different systems. ZFS is meant for datacenters.
    The same could be said for Linux, yet people who use Linux on desktops would disagree. Similarly, people who use ZFS on desktops (such as myself) would disagree. Having used ZFS on my desktop, I consider it to be the best filesystem available for systems that run mainstream Linux distributions and I strongly encourage its use.

    Originally posted by crazycheese View Post
    Six - ZFS also has limitations.
    Do these limitations include Denial of Service? I have managed to hang systems that use a combination of ext4, CFQ and discard. I have yet to hang a system using ZFS outside of situations that involve experimental patches.

    Originally posted by crazycheese View Post
    Seven - ZFS developers very very rarely accept patches to improve its "desktop" usage. See (3).
    Would you elaborate on that? I have written dozens of patches to improve the ZFS Linux port that resulted in changes to the upstream repository. All of them were developed on my desktop.

    Originally posted by crazycheese View Post
    The only fact is that ZFS is purposely not compatible to GPL.
    What is your point? The GPL is purposely incompatible with a wide range of licenses. In the case of the CDDL, the incompatibility only affects distribution of a kernel binary containing ZFS.

    Originally posted by pankkake View Post
    It is very true that ZFS isn't very good for desktop usage.
    Would you elaborate? People usually tell me that using ZFS as their rootfs makes their computers perform faster. That has been my experience.

    Originally posted by pankkake View Post
    btrfs is much more universal.
    How can btrfs be more universal than ZFS when it is limited to Linux?
    Last edited by ryao; 15 December 2012, 04:10 PM.

    Leave a comment:


  • pankkake
    replied
    It is very true that ZFS isn't very good for desktop usage.
    btrfs is much more universal.

    Leave a comment:


  • crazycheese
    replied
    Originally posted by vertexSymphony View Post
    https://en.wikipedia.org/wiki/ZFS#Comparisons
    ?Was that hard to even take a look at Wikipedia? Some other OS that have the porting underway are missing from there.
    Was that hard to even use Wikipedia properly?
    "ZFS was designed and implemented by a team at Sun led by Jeff Bonwick and Matthew Ahrens. It was announced on September 14, 2004,[5] but development started in 2001.[6] Source code for ZFS was integrated into the main trunk of Solaris development on October 31, 2005[7] and released as part of build 27 of OpenSolaris on November 16, 2005. Sun announced that ZFS was included in the 6/06 update to Solaris 10 in June 2006, one year after the opening of the OpenSolaris community."

    Is this hard to understand "ZFS was Solaris exclusive"? Can you distinguish "original platform" and "port platform"? I am sure you can.
    Sun made it. Sun was author of Solaris. This is very illogical,no?

    Originally posted by vertexSymphony View Post
    Please, back up your claims and dont make empty statements that revolves around "something" that isn't well stated and elaborated.
    Thank you.
    Ok sir, you asked for it, so better stand back.
    First - ZFS is Solaris exclusive and only ported to BSD.
    Second - ZFS inferior to BTRFS in many operations. Many times it looses because its just too complex. Other times it looses due to design. It is more polished, but it is different. Compare FAT32 with EXT4 in data ordered mode - you get equal numbers, EXT4 will loose. Is this bad? No.
    Third - ZFS is different and for different scale, many complexities are excessive for different systems. ZFS is meant for datacenters. You want to use ZFS only if you fear bit-rot, but the performance will be abysmal and most features will simply be outside of scope of desktop usage. Datacenters have plenty of raw performance, they need security, so they trade (excessive) performance for security.
    Four - Linux has ZFS port, just as BSD.
    Five - ZFS also had bugs. Its software.
    Six - ZFS also has limitations.
    Seven - ZFS developers very very rarely accept patches to improve its "desktop" usage.
    The only fact is that ZFS is purposely not compatible to GPL.
    Last edited by crazycheese; 15 December 2012, 06:06 AM.

    Leave a comment:


  • Drago
    replied
    I don't know what distribution CRC32 provides, but isn't a good thing for FS to refuse Collision files to be created after some small threshold. After all, collisions are not ment to be in big volume, and if they are this obviously is an attack.

    Leave a comment:


  • liam
    replied
    Originally posted by Cthulhux View Post
    Good point, lsatenstein. Here's what you miss:
    http://rudd-o.com/linux-and-free-sof...ter-than-btrfs


    I don't know when that was written but it's a bit out of date. Btrfs has at least one of the features (send/receive) that he said they were only working on. Also, according to the btrfs wiki, they do use barriers for writes which is how that post claimed zfs achieved atomicity (I would think you'd need more than just barriers to support atomicity, but, at any rate, since btrfs is cow, atomicity shouldn't be so important).
    I would guess there's not a lot of substance to that post.

    Leave a comment:


  • Vadi
    replied
    This hashing attack isn't unique to btfs, is it? This was in the news earlier, unless protected, hashing algorithms seem to have a vunerability to the DDOS.

    Leave a comment:


  • dfcat
    replied
    Originally posted by phoronix View Post
    Phoronix: Security Problem Discovered In Btrfs File-System

    A hash-based denial-of-service attack vulnerability has been discovered for the Btrfs, the next-generation Linux file-system...

    http://www.phoronix.com/vr.php?view=MTI1MjU
    Seriously? this is neither a 'denial of service attack' nor a 'vulnerability' -

    A 'denial of service attack' allows a remote (non-local) user to prevent a computer from operating normally.

    This is like saying that since users can fill up disk drives, that the filesystems have 'a vulnerability' -

    Since there is no security risk, there is no 'vulnerability'

    This is just a *bug* in software that is basically in beta state, which is to be expected.

    But much easier to spin it as a security issue on the security lists and get some free press,
    all the while making yourself into a 'security expert' for finding this 'security issue'

    Leave a comment:


  • Cthulhux
    replied
    Good point, lsatenstein. Here's what you miss:
    http://rudd-o.com/linux-and-free-sof...ter-than-btrfs

    Leave a comment:

Working...
X