All of lore.kernel.org
 help / color / mirror / Atom feed
From: Theodore Ts'o <tytso@mit.edu>
To: Chris Murphy <lists@colorremedies.com>
Cc: linux-ext4@vger.kernel.org
Subject: Re: GRUB and the risk of block list corruption in extX
Date: Sat, 9 Feb 2013 23:45:55 -0500	[thread overview]
Message-ID: <20130210044555.GD8526@thunk.org> (raw)
In-Reply-To: <B6CCAB6A-D340-47F8-9231-1280151552DC@colorremedies.com>

On Sat, Feb 09, 2013 at 05:17:58PM -0700, Chris Murphy wrote:
> On the other hand…
> 
> > There are some folks who are proposing that we use a bootloader inode:
> > for grub's benefit. 
> 
> Who are requesting this? If not GRUB's devs, it would seem there are
> other developers who are also paranoid.

Well, it was one of the participants (or observers) of 

     https://bugzilla.redhat.com/show_bug.cgi?id=872826

He posted on the linux-ext4 list a week or so ago:

    http://comments.gmane.org/gmane.comp.file-systems.ext4/36637

> > But it's not something that has been terribly high priority, since
> > it's basically more of a security blanket for the grub2 developers
> > more than anything else….
> 
> It may be a security blanket for grub2 developers. However, it
> appears to me users want a security blanket also.

Well, a participant of on the redhat bugzilla inquired about it.

If someone wants to send me some patches, I'm happy to review them.  I
personally think it's not a great use of time, but that's the
wonderful thing about open source.  You can always send patches.  :-)

> Despite my bias against two bootloaders (I think it's ridiculous,
> but then I prefer 1/2 a boot loader), the question I have is if a
> blocklist is really needed to find and load the 2nd boot loader?
> Because needing a blocklist in the VBR implies the first boot loader
> doesn't understand ext(4). If true, before engineering file system
> changes, users need to upgrade their ancient primary boot loader.

It's been a long time since I really spent a lot of time studying
grub, but my understanding is that the first boot loader (which fits
in the MBR) is just too small to have room to understand the ext[234]
file system; you can't really do a lot in 492 bytes of x86
assembly.....  That's why it uses a block list instead.

But honestly, I really don't care a whole lot about the emotional
insecurity of the grub2 developers, and if distributions are worried
about their users being insecure, they can always comment out the
alarmist message in grub2.  Or they can send me patches.  :-)

	 	    	       	    	     - Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

  reply	other threads:[~2013-02-10  4:45 UTC|newest]

Thread overview: 38+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-02-10  0:17 GRUB and the risk of block list corruption in extX Chris Murphy
2013-02-10  4:45 ` Theodore Ts'o [this message]
2013-02-11 15:38 ` Eric Sandeen
  -- strict thread matches above, loose matches on Subject: below --
2013-02-07 10:47 Martin Wilck
2013-02-08 11:44 ` Martin Wilck
2013-02-08 16:57 ` Vladimir 'phcoder' Serbinenko
2013-02-08 17:17   ` Vladimir 'phcoder' Serbinenko
2013-02-08 17:17   ` Martin Wilck
2013-02-08 18:42     ` Lennart Sorensen
2013-02-08 18:56       ` Bruce Dubbs
2013-02-08 18:58         ` Lennart Sorensen
2013-02-08 19:11           ` Andrey Borzenkov
2013-02-18 15:42       ` Martin Wilck
2013-02-09  6:22     ` Chris Murphy
2013-02-18 17:16       ` Martin Wilck
2013-02-18 21:07         ` Chris Murphy
2013-02-19  5:02           ` Andrey Borzenkov
2013-02-19  6:24             ` Chris Murphy
2013-02-19  8:43               ` Michael Chang
2013-02-19  9:06                 ` Vladimir 'φ-coder/phcoder' Serbinenko
2013-02-19 18:54                 ` Chris Murphy
2013-02-19  8:47           ` Martin Wilck
2013-02-19 18:56             ` Chris Murphy
2013-02-19 19:46               ` Martin Wilck
2013-02-19  9:37           ` Vladimir 'φ-coder/phcoder' Serbinenko
2013-02-19 12:58             ` Martin Wilck
2013-02-19 15:48               ` Vladimir 'φ-coder/phcoder' Serbinenko
2013-02-19 17:17                 ` Martin Wilck
2013-02-19  5:26 ` Andrey Borzenkov
2013-02-19 10:54   ` Martin Wilck
2013-05-03  5:01 ` Andrey Borzenkov
2013-05-03  8:21   ` Martin Wilck
2013-05-03 19:21     ` Dr. Tilmann Bubeck
2013-02-07 10:18 Martin Wilck
2013-02-07 13:27 ` Jan Kara
2013-02-07 15:50 ` Eric Sandeen
2013-02-07 20:53 ` Theodore Ts'o
2013-02-08 10:15   ` Martin Wilck

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20130210044555.GD8526@thunk.org \
    --to=tytso@mit.edu \
    --cc=linux-ext4@vger.kernel.org \
    --cc=lists@colorremedies.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.