User: Password:
|
|
Subscribe / Log in / New account

Why am I seeing a security exploit?

Why am I seeing a security exploit?

Posted Mar 29, 2013 16:37 UTC (Fri) by jmorris42 (guest, #2203)
In reply to: Why am I seeing a security exploit? by bfields
Parent article: Widening ext4's readdir() cookie

Ok, at least they were on the ball. Still just doesn't seem right to design a filesystem that only works almost all the time. Computers are generally expected to be more deterministic that that.


(Log in to post comments)

Why am I seeing a security exploit?

Posted Apr 3, 2013 20:26 UTC (Wed) by bronson (subscriber, #4806) [Link]

The odds of a random 64 bit collision are worse than 10^18. Since you'll win the lottery thousands of times before that happens, you'll be too rich to care about two gobbledlygook filenames colliding. (But then, you've probably also been fried by lightning and crushed twice by the International Space Station...)

More seriously, there are other sources of error in your computer that are far more worthy of your attention: http://en.wikipedia.org/wiki/Soft_error

It's true that all bets are off if an attacker can break the hash. But, if/when that happens, the fix will probably be a straightforward kernel patch.

Why am I seeing a security exploit?

Posted Apr 4, 2013 16:20 UTC (Thu) by jimparis (subscriber, #38647) [Link]

The odds of two hashes colliding may be 1 in 10^18, but this grows with the number of files. With 60,000 files it's 1 in 10^10. Make up a use case where you're frequently creating or recreating directories with that many files, and it's not far fetched to expect someone to run into a collision pretty soon.

(numbers from http://preshing.com/20110504/hash-collision-probabilities)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds