You are here: silicon.com > Software > Security Strategy

Security Strategy

Data-loss bug afflicts Linux

But only in rather rare situations

By Stephen Shankland

Published: 9 December 2002 08:15 GMT

Programmers have found a bug in newer versions of the Linux operating system that, under unusual circumstances, could cause systems to drop data.

The data-loss bug afflicts the newest 2.4.20 version of the heart, or kernel, of Linux. The new kernel was released on 28 November in Linux companies' updates but is not yet a part of their packaged products.

Although the bug was reported while the 2.4.20 version was still in testing, it wasn't fixed until early Friday morning, two weeks after final release.

To counteract such tracking problems in the future, Linux programmers have begun using more formal bug-tracking tools. Bugs and security problems are big issues today because of the ever-wider use of computer networks and the increasing importance of corporate data. Microsoft, Sun Microsystems, Linux fans and others all are keenly aware of the publicity benefits of crash-proof code, and the perils of problems.

Data-loss problems are dire - companies devote much of their computing budgets to keeping their information from vanishing into the ether.

However, the risks of the recent Linux data-loss bug are reduced because it only appears in a particular circumstance: First, an administrator has to select an unusual mode for Linux's ext3 file system software, which controls how data is stored on hard drives; then the administrator must disconnect the file system where the data is saved. In that case, all data that should have been saved on the hard drive in the previous 30 seconds could be lost.

The data-loss problem is "not very severe," said programmer Andrew Morton in an email interview. It was Morton who pointed out Sunday that the bug hadn't been fixed and who posted a patch on Friday.

Morton added that the bug is contingent on using ext3 in "a specialized mode, which in practice is rather slow. It doesn't offer any realistic advantages over the default... mode, and nobody uses it much. This is why the bug lay dormant for three months."

Red Hat, the top Linux seller, said its customers are only affected by the bug if they downloaded Red Hat updates that incorporate version 2.4.18-17 or later of the Linux kernel. The company made those updates available for versions 7.1, 7.2, 7.3 and 8.0 of Red Hat Linux. Its Advanced Server product isn't affected.

The most recent updates from No. 2 Linux seller SuSE also are affected, the SuSE said. However, SuSE by default uses a different file system, ReiserFS, that isn't affected.

Stephen Shankland writes for News.com

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Infrastructure engineer with strong VMware and SAN Skills banking

Windows 2000 or 2003 Server OS; AD administration, DCHP & DNS; Linux Red Hat OS; NetBackup and Backup Exec; Working knowledge of the Microsoft office ...

Red Hat Administrators needed 35k+(experience dependant) Yorkshire

Hat Linux & HP-UX systems) servers, applications and installation, configuration, testing and maintenance of Systems software to support operational ...

NLPR - Java/OO Developer - Gain Finance -Training given

Overview of technologies used within the team are Swing (used for analyst tools), Tomcat running on Red Hat Linux, JAXB and PL/SQL. This leading ...

CIO Agenda 2008
The exclusive silicon.com CIO Agenda 2008 survey looks at the CIO's tech shopping list for the year, examines whether IT budgets are rising or falling and reveals what the pain points are for tech chiefs this year. Find out more in our latest special report.





Quick Sitemap Links: