Bug 191789

Summary: Nasty ncpfs symlink handling bug
Product: Red Hat Enterprise Linux 2.1 Reporter: Marcel Holtmann <holtmann>
Component: kernelAssignee: Don Howard <dhoward>
Status: CLOSED WONTFIX QA Contact: Brian Brock <bbrock>
Severity: low Docs Contact:
Priority: medium    
Version: 2.1CC: security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: ia64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-06-28 16:20:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Marcel Holtmann 2006-05-15 20:06:41 UTC
This bug could cause oopses and page state corruption, because ncpfs used the
generic page-cache symlink handlign functions. But those functions only work if
the page cache is guaranteed to be "stable", ie a page that was installed when
the symlink walk was started has to still be installed in the page cache at the
end of the walk.

The upstream fix for 2.6 can be found here:

http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cc314eef0128a807e50fa03baf2d0abc0647952c

It is not fully clear if this has a security implication at all and it got fixed
only in the 2.6 kernel series.

Comment 1 Don Howard 2006-06-28 16:20:58 UTC
I see that the companion rhel3 bug #191727 was closed->wontfix as ncpfs is
specifically unsupported in rhel3.  The suggested patch breaks kabi and would be
risky to backport to 2.1 at this point.