Mailinglist Archive: opensuse-project (73 mails)

Re: [opensuse-project] Pro-active security announcement question
On Fri, Jan 25, 2013 at 10:03:21AM -0500, Greg Freemyer wrote:
Marcus,

I just became aware of a data loss bug for all win8 / opensuse dual booters.

The only "fix" is for users to turn off a new win8 feature. As the
ntfs-3g maintainer, I will try to incorporate the patch that blocks
mounting of ntfs / fat filesystems if the feature is found to be in
use, but that is just a stopgap solution to stop users from shooting
themselves. Again, the only real solution is for users to disable the
feature in win8.

Is there a way to announce that now instead of waiting for an ntfs-3g
security patch?

It is not a security issue, even though it is a critical bug.

"security issue" would mean that an attacker could cause damage
by doing something unintended.

This seems intended breakage.


But yes, we should put out updates that somehow detect this and refuse
to mount the fs if present.

Ciao, Marcus

See below for details of the bug.

Thanks
Greg


---------- Forwarded message ----------
From: Greg Freemyer <greg.freemyer@xxxxxxxxx>
Date: Fri, Jan 25, 2013 at 9:40 AM
Subject: Data loss bug for win8 dual booters (including opensuse dual booters)
To: suse <opensuse@xxxxxxxxxxxx>


All,

(someone should forward this to the forums if it's not already there).

Just a heads up that win8 introduced an (on by default) feature that
can cause data loss for all dual booters. From what I understand, the
only real solution is to disable the feature in win8.

http://www.h-online.com/open/features/Linux-and-Windows-8-Fast-Startup-puts-data-at-risk-1780640.html

There is an opensuse bug:

Bug 798337 - ntfs and fat filesystem corruption with windows 8 systems
- ntfs-3g vfat state saved across shutdowns

But the opensuse solution I suspect will just be to fail mount
attempts if the new win8 cache file is found.

(I'm the volunteer maintainer for the bug, so I have to research
exactly what the best fix is. This affects all versions of opensuse
including factory. Once I have a potential fix, I will make a call
for testers since I don't have a win8 machine to test with).


--
Greg Freemyer
Intelligent Avatar Corporation

Chief Technology Officer
http://www.linkedin.com/in/gregfreemyer
CNN/TruTV Aired Forensic Imaging Demo -

http://insession.blogs.cnn.com/2010/03/23/how-computer-evidence-gets-retrieved/

(678) 653-4860
--
To unsubscribe, e-mail: opensuse-project+unsubscribe@xxxxxxxxxxxx
To contact the owner, email: opensuse-project+owner@xxxxxxxxxxxx
