Whenever you create a file on an ext3fs filesystem, some amount of other in-memory data, _not_ the file's contents and _not_ something which is present in the same filesystem or which previously was in a file at all, gets written to the device holding the filesystem. Could be a security issue if you have stuff in memory like crypto keys and don't expect them to get stuck on disk (well unless swapped) Issue is a fairly minor severity Reported by Solar Designer of OpenWall on Feb28 Embargo lifted April 14th 2004
To clarify the risk of this issue: to exploit this flaw you need to be a privileged user as you need to be able to see the raw disk blocks. Even then the extent of the issue is to allow you to see some random bits of kernel memory. The "crypto keys" example was thought up by one vendor as a possible risk vector, where you may have things in memory that you want to protect even from root, but this is an unlikely risk as crypto applications would need to protect their keys in memory and in any event they'd get swapped to disk. This issue is therefore very low risk.
Created attachment 101633 [details] CAN-2004-0177 ext3fs leak fix from Theodore Ts'o
I'll take this over with the intention of putting into U5.
A fix for this problem has just been committed to the RHEL3 U5 patch pool this evening (in kernel version 2.4.21-27.15.EL).
A fix for this problem has also been committed to the RHEL3 E5 patch pool this evening (in kernel version 2.4.21-27.0.3.EL).
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-293.html
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-294.html