[PATCH] UBUNTU: [Config] ext3 defaults to ordered mode

Tim Gardner tim.gardner at canonical.com
Thu Jan 21 13:20:25 UTC 2010


Surbhi Palande wrote:
> This patch fixes bug 510067 on launchpad.
> This patch enables the compile time option CONFIG_EXT3_DEFAULTS_TO_ORDERED
> to ensure the data=ordered mode for an ext3 fs mount. This prevents a security 
> threat of older data being inadvertently exposed, that arises from mounting the
> ext3 fs with the data=writeback mode.
> 
> Do consider merging this for Karmic.
> 
> 
> From 6978a248df3aab38476659e164020b35f7b227ad Mon Sep 17 00:00:00 2001
> From: Surbhi Palande <surbhi.palande at canonical.com>
> Date: Wed, 20 Jan 2010 15:28:31 +0200
> Subject: [PATCH] UBUNTU: [Config] ext3 defaults to ordered mode
> 
> BugLink: http://bugs.launchpad.net/bugs/510067
> Ignore: yes
> 
> To prevent a security threat of older data being inadvertently exposed,
> the default mount option of ext3 should be ordered instead of writeback. This
> patch enables the compile time option CONFIG_EXT3_DEFAULTS_TO_ORDERED
> to ensure the data=ordered mode for an ext3 fs mount.
> 
> Signed-off-by: Surbhi Palande <surbhi.palande at canonical.com>
> ---
>  debian.master/config/config.common.ports  |    2 +-
>  debian.master/config/config.common.ubuntu |    2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/debian.master/config/config.common.ports b/debian.master/config/config.common.ports
> index 39ee289..4e22aeb 100644
> --- a/debian.master/config/config.common.ports
> +++ b/debian.master/config/config.common.ports
> @@ -817,7 +817,7 @@ CONFIG_EXT2_FS_POSIX_ACL=y
>  CONFIG_EXT2_FS_SECURITY=y
>  CONFIG_EXT2_FS_XATTR=y
>  # CONFIG_EXT2_FS_XIP is not set
> -# CONFIG_EXT3_DEFAULTS_TO_ORDERED is not set
> +CONFIG_EXT3_DEFAULTS_TO_ORDERED=y
>  CONFIG_EXT3_FS=y
>  CONFIG_EXT3_FS_POSIX_ACL=y
>  CONFIG_EXT3_FS_SECURITY=y
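
Review bot: The commit message overstates what `CONFIG_EXT3_DEFAULTS_TO_ORDERED=y` in config.common.ports does: it says the option will "ensure the data=ordered mode for an ext3 fs mount", but the option only selects the default journalling mode. A filesystem mounted with an explicit data=writeback (in fstab or via rootflags) still runs in writeback mode and keeps the stale-data exposure. Suggest rewording the message to say the default becomes data=ordered when no data= option is given, and noting that existing explicit data=writeback mounts are unaffected.
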
> diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu
> index 462c1c1..2477234 100644
> --- a/debian.master/config/config.common.ubuntu
> +++ b/debian.master/config/config.common.ubuntu
> @@ -943,7 +943,7 @@ CONFIG_EXT2_FS_POSIX_ACL=y
>  CONFIG_EXT2_FS_SECURITY=y
>  CONFIG_EXT2_FS_XATTR=y
>  # CONFIG_EXT2_FS_XIP is not set
> -# CONFIG_EXT3_DEFAULTS_TO_ORDERED is not set
> +CONFIG_EXT3_DEFAULTS_TO_ORDERED=y
>  CONFIG_EXT3_FS=y
>  CONFIG_EXT3_FS_POSIX_ACL=y
>  CONFIG_EXT3_FS_SECURITY=y
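
Review bot: Missing documentation of the trade-off for the config.common.ubuntu flip of `CONFIG_EXT3_DEFAULTS_TO_ORDERED`: the commit message gives the security motivation but says nothing about the write-performance cost of ordered mode relative to writeback, or about when the old data can become visible. Suggest adding a sentence on the expected performance impact (or a pointer to measurements in the BugLink) so the change can be judged for Karmic from the changelog alone. The identical one-line change is made in both config files, so a single explanation in the message covers both.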

Since we're already thinking about performance degradation with ext4, is
this going to have an adverse impact on ext3 performance? It seems to me
that the vulnerability window that this closes is vanishingly small, and
really only applies to multi-user machines (I think). After all, who
cares if the vulnerability exists on your laptop? You're likely the only
user anyway.

rtg
-- 
Tim Gardner tim.gardner at canonical.com



