From: Peter Jeremy
To: Dennis Melentyev
Cc: freebsd-stable@freebsd.org
Date: Sat, 28 Jul 2007 09:19:05 +1000
Subject: Re: removing external usb hdd without unmounting causes reboot?

On 2007-Jul-27 18:29:44 +0300, Dennis Melentyev wrote:
>Sorry for continuing this thread, but let's not forget the security
>aspect of this issue:
>If you run amd on some host configured to automount USB drives, it's
>easy to force a DoS attack. Just insert the flash/HDD and remove it
>shortly after it's mounted.

It's almost impossible to secure a machine against someone with
physical access to that machine. As you point out, pushing the reset
button or pulling the power cable works.

>USB stick, just in case of a Flash with dead blocks on it or just
>badly formatted one it's too easy to get totally unexpected panics.

There are two distinct issues here:

When you remove the hardware, the low-level data structures get freed
but the high-level (FS) code still points into those (now freed)
structures - i.e. you have use-after-free errors. As has been pointed
out, resolving these issues is difficult because they affect many
different areas within the kernel.

If the filesystem is corrupt, then it is no longer internally
consistent and assumptions/requirements in the FS code are no longer
valid. It is possible that assert() checks are tripped or implicit
assumptions in the code are violated, possibly leading to panics.
Bad blocks could lead to similar behaviour. Fixing these problems is
(in general) not hard because it's mostly just adding appropriate
checks in the FS code and I believe that most of the cases where this
can occur have already been corrected.

>I'd rather consider this problem as a security one.

I think that is a very long stretch.

>Is there any correct way to initiate funding to rewrite VM/VFS related
>parts (getting non-panicable removable devices)? Who should one
>contact for this?

I would suggest that the first step is finding someone (or a few
people) with the necessary skills who is/are willing to work on the
problem. Offering funding may increase the potential pool but will
not automatically solve the skills/knowledge issue.

As for initiating funding, you have several options:
1) Do it yourself: Find someone(s) to do the work (either by
   approaching likely candidates or advertising on FreeBSD lists),
   get an indication of the necessary funding and then raise the
   funds yourself.
2) Approach the FreeBSD Foundation, with or without names.
3) Approach corporations that are FreeBSD-friendly. Yahoo! and
   Apple are the first ones that come to mind.

-- 
Peter Jeremy