Slashdot Mirror
The 25-Year-Old BSD Bug
sproketboy writes with news that a developer named Marc Balmer has recently fixed a bug in a bit of BSD code which is roughly 25 years old. In addition to the OSnews summary, you can read Balmer's comments and a technical description of the bug.
"This code will not work as expected when seeking to the second entry of a block where the first has been deleted: seekdir() calls readdir() which happily skips the first entry (it has inode set to zero), and advance to the second entry. When the user now calls readdir() to read the directory entry to which he just seekdir()ed, he does not get the second entry but the third. Much to my surprise I not only found this problem in all other BSDs or BSD derived systems like Mac OS X, but also in very old BSD versions. I first checked 4.4BSD Lite 2, and Otto confirmed it is also in 4.2BSD. The bug has been around for roughly 25 years or more."
...of the superiority of Microsoft.
but they had more important things to do. At least until Balmer started throwing chairs.
Of course, now that I've R'd the FA, I understand that it's the first entry in the block (of which a directory with a sufficient number of files would have multiple), and not the first entry in the directory. Kindly ignore my previous response... Nothing to see here...
Isn't it? The bug WAS found, wasn't it?
How many "eyes" were watching BSD systems use Samba for a DOS filesystem? Seems to me, someone saw behavior and exactly because it was open source, looked into it, found the coding error and filed a bug report. It will be fixed, because everyone now knows about this, and that too is a side effect of open source, even if it's related to the politics.
From the sounds of it, this was a bug that was not triggered very often. When it was finally triggered, investigated and fixed the person who found it released the info publicly, thanks to the beauty of Open Source, and everyone affected, commercial entities and FOSS users using the code alike, benefited. If this were a proprietary system that were licensed out to various companies stricken by NDAs etc. it's quite likely that if one company discovered the bug the others would never learn about it.
The first entry in a disk block, not the first entry in a directory. Each disk block is 512 bytes, so you can store around 30 files in there with shortish file names (each stores the name, the inode and a cumulative free space counter). For large directories you have around a one in 30 chance that the deleted file will be the first one in a block. Delete a dozen files from a large directory and there's a pretty large chance you'll hit this bug.
I am TheRaven on Soylent News
an existential philosopher turned empiricist perhaps?
-1 not first post
This is the power of Open Source!
With all those eyes looking at the code, stuff like this gets ID'd and fixed LICKITY SPLIT!
(runs and hides)
If you want news from today, you have to come back tomorrow.
This bug has been around for a long time, but is only visible if you have large directories and delete files from them in between calls to readdir and seekdir. This is quite uncommon behaviour, and was incredibly uncommon 25 years ago when filesystems were much smaller and directories almost never contained enough files to require more than one or two disk blocks to store the directory.
When the Samba people found it, they decided to just code a work-around and not bother to report it to any of the BSD teams. If they had done, it would probably have been fixed in 22 years.
Now that it has been fixed in OpenBSD, the change can easily be taken and incorporated into FreeBSD, NetBSD, DragonFlyBSD and Darwin.
I am TheRaven on Soylent News
Except that the bug had been triggered many times before, seeing as how Samba had code in place to work around it.
This bug has been around for a long time, but is only visible if you have large directories and delete files from them in between calls to readdir and seekdir.
But that's exactly my point, isn't it? The bug was only "visible" through its behavior, not its manifestation in code. The shallow bugs argument basically says that if enough people stare at the code, they will find the bugs. Clearly that did not happen here.
Whether the bug fix can propagate rapidly has nothing to do with what I'm talking about. I'm not trying to disparage the concept of open source, I'm arguing that the shallow-bugs argument should be rejected.
Bug tracking software missed this because it's bug #1. lol.
The most telling thing in TFA for me was that the bug had been identified by the Samba team and a workaround implemented for Samba.
Surely both the samba communities and the *BSD communities are active enough that this could have been passed on for further investigation by the *BSD crowd? (Sure, samba probably would still need a workaround, particularly given the long uptimes and widespread deployment of *BSDs)
I know nothing of the devs at Samba and *BSD, but seems a bit strange. Perhaps they did try..
Meanwhile, congrats to Marc on fixing a bug. One of the most touted benefits of open source (whatever your license) code.
--Q
If no one has cared enough to fix it for 25 years, I'm guessing this should be rated as "inconsequential."
Must have been a really slow news day at OSNews.
Invenio via vel creo
One would think that after all these years, Windows source would have leaked, Microsoft being what they are. Everyone knows that your most secret secrets are the first things to leak... And yes, I've seen the "secret MS code" joke.
If you want news from today, you have to come back tomorrow.
This is like saying global warming either does exist because today was the hottest on record, or does not exist because today was the coldest on record. Why are these analogous? Because in both situations, you're only considering one data point, which does not even begin to indicate a trend.
It doesn't let you hide an executable. Something like ls, which iterates over the directory entries, will see the executable. It's only things which maintain an internal cache of directory entries which will have the problem. The 'fix' for Samba was to turn off directory caching and this made all of the files visible again.
I am TheRaven on Soylent News
If you define BSD as a collection of bugs, this story proves that BSD is dying.
--
make install -not war
seekdir and readdir are unreliable when you're modifying the directory being read. The API requirement is that readdir return each directory entry that existed at the time the directory was opened exactly once. In the traditional UNIX implementation, the directory is simply a sequential stream of bytes; this is pretty easy -- you can simply lseek to the position that telldir returned. However, other systems don't use something that simple -- Mac OS X, for example, uses a B-Tree for the catalog file. Worse, they use a single catalog file for the entire filesystem's catalog, meaning that any modifications (adding, removing, or renaming files anywhere) causes the layout to change.
And telldir only returns a long, which -- in most implementations -- is smaller than off_t, so a simplistic implementation can have some problems. Of course, having a directory that's larger than 4GBytes could result in some other problems 8-).
You see what you're looking for, most of the time. This sounds like a subtle bug that you're not going to find until you go looking for it; it's hard to invoke under normal usage patterns. Nobody stared at that code looking for this problem until now. But if it was closed source, the guy who fixed it wouldn't have been able to look at it and find the problem.
A quick googling of "many eyes make all bugs shallow" brings me the more complete statement that adage is simplified from: "Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix will be obvious to someone." (Linus via ESR). Clearly this 25-year-old bug is one of the exceptions that calls for the 'almost'.
egypt urnash minimal art.
i dont think its easy to trigger this reliably enough to use it to hide files.
comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
Erm. That's not what "many eyes make bugs shallow" means.
Well. Just reading the source is part of it, but not all.
Fact is, if I run into odd behaviour when testing/using - if the source is available I can read it, I can breakpoint.
I cannot do that with a binary.
So yes. Things did occur as they were supposed to. Someone found something odd, they were able to look at code in question, and fix it.
The shallowness is the fact that there is a direct connection between the thousands of testers/users and the code in question.
Instant turnaround. No "user reports behaviour in detailed fashion, including testcase, to some corporate e-mail address, and maybe it eventually gets a to a developer three layers down who may be able to figure it out and fix it if he has the time"
-- perl -e'print pack"H*","6e656d6f406d38792e6f7267"'
After this long would this not be considered a feature? :)
My Web Site - www.ocean-liners.com
Considering how old this bug is, and how much work-around code probably exists as a result, I wonder how many new bugs this bug fix will create.
What really intrigues me is that this had been discovered, years earlier, by the Samba folk.
Did the Samba folk not tell the BSD folk of the issue?
3 thoughts on this:
1. I think this bug would be classified "archeological".
2. The question now is what happens to the Samba work-around patches. Now that the bug is fixed, do the patches cause a side-effect (i.e. "a new bug")?
3. This gives rise to a new meme of nerd insults. "You call yourself a programmer? Why I've fixed bugs older than you!" Of course, only one man is entitled to use that line.
Perhaps they didn't feel like doing the "no, it's supposed to work like that, you're wrong" dance.
Sure it's found, but after 20+ years? That's not what I call a good approach.
;).
;) ) users in and watch them, and even then you MUST have _trained_ eyes to watch them. The trained eyes can often spot problems the naive users are experiencing - the naive users may not even realize they are experiencing problems or realize what is wrong...
"many eyes make bugs shallow" is equivalent to the "infinite number of monkeys..." thing.
In my experience it's better to have quality than quantity when it comes to the eyes used for finding bugs.
Any idiot can tell you about obvious bugs, and it's kind of waste of time to see 1 million duplicate bug reports, because it's too slow to search through 100 million other bugs (with dupes) for dupes
For UI stuff, you get the naive (as in not yet unexposed to your evil software
No, this story proves that BSD is dying because there was a bug in it and no complaints were heard for 25 years.
However... You are mistaken. Clearly that DID happen here. That is exactly what happened. It took a long time, granted, but it was found, it was fixed, and (seeing as no one was really bothered by it too much) it was even done in a "timely manner." (Albeit a very long time but it didn't seem to impact anyone to any great length.)
The bug was found, the code was open, the bug was fixed. Hell, it isn't even newsworthy. It's just a squished bug that had no real impact in the majority of people's experiences. The impact was so small that people coded around it, so be it. Open source doesn't even demand that it be bug free. Coding around an existing bug is perfectly okay (I think). Fixing the bug may have taken valuable developer time away from their core projects for all I know. Either way, it was found, it was fixed, and because of the open source nature of the software these two things were possible.
"So long and thanks for all the fish."
Hmmm....if the bug was found in 4.2BSD, then how do we know that that bug was not also in original AT&T UNIX that 4.2 BSD is derived from? One could always look in the source released by Caldera (now known as "The SCO Group") some years back.
My blog
...because currently, no Linux bug could possibly be older than roughly 17 years. :-)
Heck, how many other bugs have been fixed over the years?
These detracting arguments smack of FUD mongering...
Seven Days with Ubuntu Unity
Excellent point.
This is touted as a slip up (or flaw) in the Open Source model of doing things, yet a proprietary software developer, and one of the largest mind you, failed to spot this completely.
Seven Days with Ubuntu Unity
I am sure you will agree that the correct statement sans flamebait modifications does not warrant a "clear contradiction" as many detractors of FOSS who are jumping at this opportunity to point out a example of a fixed bug that was not necessarily a security risk and saying "see, the OSS model is clearly flawed! BSD has a 25year old bug that was only fixed now!"
Take off your paranoid hat. Holy crap. I am an open source author myself. I just have always hated this particular argument.
BSD has been checked over by 'quality' eyes--when it was used as the basis of NeXT/OSX, for example. They missed it too.
If the code wasn't open (i.e. if there weren't many eyes), this bug would have remained forever, or at least until the code was dumped.
Am I the only one who thinks it's quite impressive to have 25 year old code still being used and employed on new systems?
What?
If this were a proprietary system that were licensed out to various companies stricken by NDAs etc. it's quite likely that if one company discovered the bug the others would never learn about it.
That, or the individual who discovers it would be fired, blacklisted, and possibly be arrested and charged with some criminal act.
What?
Is the MPEG Chroma bug. That was created by someone who wrote one of the original MPEG decoders that was eventually sold/distributed to most of the companies making the first DVD players (pre-1993). This one just won't go away either - initially most of the DVD manufacturers refused to acknowledge it even existed (probably because they didn't want to recall millions of DVD players with non-upgradeable firmware). I still see it every now and then on TV (indicating one of the upstream broadcasting companies is still using equipment afflicted with the bug). I notice it most often when diagonal red lines end up staircased like they're poorly interlaced (see pictures in the above link).
Surly a bug this old should be reclassified as a scrab beetle?
Samba could have reported it, but perhaps when they noticed in 2005, they also noticed that the July 2003 discussion on freebsd-hackers already acknowledged the existance of the bug, but never actually fixed it.
GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
Wuh? thousands of projects that prove the point, and one single bug that doesn't, so reject the whole argument?
You sound like those people that don't like evolution. The concept of shallow bugs is an approximate description of how things work, not a methodology. Also, if enough people stare at the code and use it, they will find the bugs that matter.
There is a fine line between being a cultivated citizen and being someone else's crop. - A. J. Patrick Liszkie
I don't believe that many in the open source community dogmatically accept the shallow-bugs arguement as a universally applicable rule of software development. It seems to me that any reasonable person would agree that
- Not all eyeballs are equal. Theo and Linus are vastly better at code reviews than the average Slashdot reader, for example. So, there is a wide range of eyeball quality.
- Bugs have a wide distribution of subtlety. The bug in this article seems to be high on the subtlety scale.
- The 'with enough eyes all bugs are shallow' statement is universally recoginized as simplification. For example, ESR states that a better statement is:
So, yes, if you start with the sound bite version of a 'law' and apply it to a statistical anomaly, you can 'disprove' the law. We now agree that the sound bite doesn't perfectly correlate with 'real world' So, you are now forced to decide if the relationship expressed in the 'law' is uncorrelated (bug fixing uncorrelated with eyeballs) , anti-correlated (eyeballs hinder bug fixing) or correlated (eyeballs often help bug fixing). I believe that the law is still a good rule of thumb and that the correlation between 'many eyes' and 'bug get found' is strong.Think global, act loco
So, it is just another Open Source bug which the developers did not care to fix because it was not the itch to scratch. Similar to plenty of other bugs which are notified in bugzilla kind of systems and the developers just ignore for months and even years.
Ubuntu is an African word meaning 'I can't configure Debian'
The problem is that the stdio directory scanning routines cache multiple directory entries with a single getdirentries() system call, but then may try to 'seek' into the middle of that buffer later on.
Any filesystem based on a non-linear-file directory format, such as a B-Tree, will simply never produce consistent offsets or indices within such a buffer.
The only way to *REALLY* fix this is to add a cookie field to the filesystem-independant dirent structure (and if your BSD isn't using a filesystem-independant dirent structure, it needs to be first fixed to do that). lseek()ing to a directory cookie works just fine, and always will (or at least will far more robustly then trying to scan a re-cached buffer from getdirentries()).
When DragonFly went to a filesystem-independant dirent structure I very stupidly only added ~40 reserved bits to the dirent structure, instead of the 64 we need to properly implement per-entry directory cookies. I'm still pissed at myself for that gaff.
In anycase, a per-entry directory cookie effectively solves the problem. The only other way to get such cookies, if it can't be embedded in the dirent structure, is to create a new system call similar to getdirentries() but which also populates an array of directory cookies. FreeBSD and DragonFly have kernel implementations of readdir which supply per-entry directory cookies so it is really just a matter of creating the new system call and then making libc use it.
-Matt
Nobody's saying that - that would be retarded. What's said is that there would be fewer undiscovered bugs, and more rapid and complete fixes. Notice how he began his investigation by looking at the SAMBA source code. You might also note that he was able to look into the second issue as well, making both SAMBA and FreeBSD a tiny bit better along the way.
If this fix had happened at a closed shop the biggest difference is that you probably wouldn't be reading about it.
No, we did report it. The answer at the time was "this is allowed by POSIX, deal with it", can be seen in the bug report here :
:-). Eventually I just added a parameter that allowed our open directory cache to be turned off on *BSD. Once it got into the hands of Marc Balmer he took us seriously and fixed the bug.
https://bugzilla.samba.org/show_bug.cgi?id=4715
I did point out that no other POSIX system behaved like that, but that didn't seem to make much difference
Jeremy.
I wonder if one could sue SCO for crappy code?
I mean, a burglar can sue the owner of the property they're burgling for leaving it in a dangerous condition, so why not this too?
That's if it were true, of course.
Max.
You think this only happens in the open source world? Let me show you what the "defect priority analysis" would look like at my work were we to receive a report about this bug: Reproducible: Yes Frequency of occurrence: Extremely low, only comes manifests for a very rare corner case. Systems known to be impacted: None, systems that have noticed defect previously have already implemented a workaround. Current known impact upon the functionality of the system: None Systems currently using code where defect is present with no impact: All systems accessing a directory Potential negative impact of an incorrect fix: Extremely high, potentially crippling filesystem traversal. Proposed solution: Wait till people stop using DOS filesystems.
Why would I write a fix to give to you when I know you wont be adding it to your program at all?
Why would I write it at all? Specifically in this case, its usually considered 'bad' for a user level application to require you to patch your kernel, and only on a certain OS but none of the others. I realize this is done, but no one likes it.
Especially when you can replace 'if you are on bsd, you must patch your kernel' with the current 'you do nothing, the software will figure it out and it will just work'.
The samba team can not force the BSD team to change bits of their software. All the samba team can control is their own code, which they used to code the work around so it would still work, without having to tell bsd users "sorry, a feature of your os (that every other os calls a bug) prevents our software from running". Someone else would patch samba to work around this non-bug 'feature' and then you get the same situation as now.
Of course of the original bsd dev would have dropped his ego and code-political agenda for a minute and just admit it was a bug, none of this would have happened, and it would have been fixed right after it was reported the first time.
That's "scarab" beetle, and don't call me Surly.
a) large "tooltips" (by which I assume you mean img title attributes) render "properly" instead of truncated in FF3b5
b) truncating title attributes is not a bug
If you're going to work in Open Source projects related to Operating Systems, stay away. The dreaded "trade secrets" accusation could ruin your whole career.
BSD and the *nixes were designed to be simple, effective, modular operating systems. As long as you have the drivers and know how, you can easily port them over and install them on a variety of hardware. Then, thanks to their modular nature, you can then plug in all the extra bells and whistles you need for your particular system and go to town.
That is why they are still around and still popular. They are K.I.S.S., work as they are supposed to, and the modular code that is plugged into them can just be sloughed away when it becomes out dated, and newer, better code plugged in to modernize the OS as you go.
That's also why Windows has had so many problems over the years. Windows was designed to be everything you need in a single package. That means everything is all tied up together. So, unlike BSD and the *nixes, when part of the OS becomes out dated, MS can't just unplug the old stuff and plug in new stuff. It's all interlinked from the ground up. That means a large portion of development time getting is spent fixing bugs caused by new additions, which then cause even more problems down the line when you go to update again. It also makes it bloated as legacy code ends up stuck in the mix because without it the patched together additions wouldn't function right.
And, unfortunately for MS, their market dominance is based on the windows "feel" being familiar and backwards compatibility. If they could, I'm sure they'd re-write windows from the ground up, but now they are in a catch 22 where doing so might significantly kill their market share.
I'm guessing Bill and company sometimes look back and kick themselves for not having the guts to go for broke and re-do the OS from the ground up for Windows XP. Because, back then MS was still king, Apple was at its low point with a very small and stagnant market share, and the *nixes were still primarily a hard core enthusiast hobby. Today, if MS were to completely change Windows, they'd probably lose a significant amount of market share to a variety of alternatives.
You are who you are, let no one tell you different. But, never close your mind to a new point of view.
This is not the first time the OpenBSD time does an excellent job at finding obscure bugs that were lying around for one or two decades in every BSD derivative. Congratulations !
{{.sig}}
Thanks for the link, it made for an interesting read. The "allowed by POSIX" argument is amusing given that if you flip the manual page (in the linked POSIX site) over to seekdir it clearly states that seekdir(telldir()) works as the Samba code needed it to. Ah well, at least the fix finally happened three years later.
And even more important, they would have to code a workaround anyway, to unbreak older BSD systems running Samba.
Xfce: Lighter than some, heavier than others. Just right.