Data Corrupting ext3 Bug In Latest Linux 2.4.20
An anonymous reader writes "Andrew Morton alerted readers of the Linux Kernel mailing list today that ext3 in the 2.4.20 kernel has a new bug that can easily cause file data corruption at unmount time. The bug will only affect people using ext3 in "data=journal" mode, which fortunately is not the default... Full details can be read on KernelTrap."
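Since the summary says only ext3 filesystems mounted with data=journal are exposed, the first thing an administrator on 2.4.20 wants is a quick way to see whether any mounted filesystem is in that mode. The script below is an added example, not code from the story, KernelTrap or the kernel developers; it parses the /proc/mounts table format (device, mountpoint, fstype, options, dump, pass), matches the data=journal option exactly rather than as a substring, and runs offline against a constructed sample table. Pass --live to read the real /proc/mounts instead. The device names in the sample are made up.

```shell
#!/bin/sh
# Added example (not from the Slashdot story or the kernel tree):
# list ext3 mounts whose options include data=journal, the only
# journaling mode the reported 2.4.20 unmount bug affects.
#
# Input format is that of /proc/mounts:
#   device mountpoint fstype options dump pass

# Constructed sample table for offline testing (device names are invented).
SAMPLE_MOUNTS='/dev/hda1 / ext3 rw,data=ordered 0 0
/dev/hda2 /var ext3 rw,data=journal 0 0
/dev/hda3 /home ext3 rw,noatime,data=journal 0 0
/dev/hda4 /tmp ext2 rw 0 0
/dev/hdb1 /mnt/data ext3 rw,data=writeback 0 0'

# Read a mounts table on stdin and print "device mountpoint" for every
# ext3 filesystem whose option list contains data=journal as a whole
# option (so "data=journaling" or similar would not match).
affected_ext3_mounts() {
    awk '$3 == "ext3" {
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++)
            if (opts[i] == "data=journal") { print $1, $2; break }
    }'
}

# Number of affected mounts, handy as a pass/fail value in scripts.
count_affected() {
    affected_ext3_mounts | wc -l | tr -d ' '
}

if [ "${1:-}" = "--live" ]; then
    # Real check: /proc/mounts reflects the options the kernel is using,
    # which is what matters, not what /etc/fstab says.
    affected_ext3_mounts < /proc/mounts
else
    printf '%s\n' "$SAMPLE_MOUNTS" | affected_ext3_mounts
fi
```

Against the sample table this prints /dev/hda2 and /dev/hda3; the data=ordered (the default) and data=writeback mounts are not listed. Note that the root filesystem can get data=journal from the kernel command line (rootflags=) rather than from /etc/fstab, which is another reason to read /proc/mounts rather than fstab.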
Even more remarkable is the fact that these stories always somehow fail to make the front page, while every 2-cent obscure vulnerability discovered in Internet Explorer and IIS is shoved front and center.
Slashdot needs a bit more balance in the way it covers things. If this had been a problem with the goddamn filesystem (!) in Windows you'd be seeing 900 posts to the tone of "Hah! M$ sucks!!!1!!".
Sad.
Really though, CERT advisories are inadequate tools for measuring vulnerability. Assuming Linux+apache+ssh, etc., all had an equal number of bugs, the number of CERT advisories would be dramatically higher for Linux as opposed to Windows, since Microsoft forces people to hush up when a hole is found, and in the case of Linux, the bugs get reported several times, and the same hole in several distros likely becomes different bugs.
Hence, the article draws a similar conclusion to something like "Our army suffered more casualties than our opponent's army; hence, our opponent is the victor."
Slashdot: Where people pretend to be twice as smart as they really are by behaving like children.
Klez and ILOVEYOU all have fixes. A lazy person who doesn't update and patch will have an insecure system regardless of whether it runs Windows, Linux, BSD, Mac OS X, or ANYTHING.
I'm not going to get into pro-some-OS flame war but I'd like to add one thing that you might have missed in the argument.
The OS that was infected with Klez and ILOVEYOU is a production system.
While the kernel which has the fs corruption bug is supposed to be used in non-production, testing environments, and by those who like to use bleeding-edge releases.
Why didn't this make it to the front page? It would be prudent to warn the visitors who don't regularly check the developers section, so that they can take appropriate measures to avoid corruption. This is just plain irresponsible.
I just got a similar report of a bug from an accounting software vendor alerting us to a bug in Windows.
Apparently in W2k SP1 MS broke something that caused data not to be written from disk cache to the actual disk, which caused data corruption. This was only fixed in SP3.
I just find it interesting that this bug was not common knowledge as it is not really a "security" issue so they can't hide behind that smoke screen.
"While the kernel which has the fs corruption bug is supposed to be used in non-production, testing environments, and by those who like to use bleeding-edge releases."
Bzzt. 2.4 is the current stable Linux branch, and 2.4.20 is the latest stable version of that branch.
While this kind of thing is not uncommon in the development branch, it's awful to see in a point release of the stable branch.