From: Theodore Tso <tytso@mit.edu>
To: Kalpak Shah <kalpak@clusterfs.com>,
linux-ext4 <linux-ext4@vger.kernel.org>,
Lustre-discuss <Lustre-discuss@clusterfs.com>
Subject: Re: [PATCH] Correction to check_filetype()
Date: Tue, 3 Apr 2007 15:58:41 -0400 [thread overview]
Message-ID: <20070403195841.GE31973@thunk.org> (raw)
In-Reply-To: <20070403173716.GW5967@schatzie.adilger.int>
On Tue, Apr 03, 2007 at 11:37:16AM -0600, Andreas Dilger wrote:
> On Mar 31, 2007 10:39 -0400, Theodore Tso wrote:
> > I'm going to let this one soak for a bit to make sure we don't pick up
> > any fase positives or negatives in the hueristics.
> >
> > @@ -133,11 +133,10 @@ int e2fsck_pass1_check_device_inode(ext2
> > + * If the index flag is set, then this is a bogus
> > + * device/fifo/socket
> > */
> > - if ((ext2fs_inode_data_blocks(fs, inode) != 0) ||
> > - (inode->i_flags & EXT2_INDEX_FL))
> > + if (inode->i_flags & EXT2_INDEX_FL)
> > return 0;
>
> There were ancient versions of the kernel that left EXT2_INDEX_FL set
> on all files, instead of just directories... I'm not sure if those
> were in actual released kernels, or just in patches.
Well, we've been running with this in e2fsprogs for quite some time
(August 2002, e2fsprogs 1.28), and no one has complained, so I think
we're safe...
> > +static void check_is_really_dir(e2fsck_t ctx, struct problem_context *pctx,
> > + char *buf)
> > +{
> > + if (ext2fs_read_dir_block(ctx->fs, inode->i_block[0], buf))
> > + return;
>
> Do we call check_blocks() on this inode shortly thereafter? If we do then
> the overhead of reading the first block is offset by not reading it again
> later. Otherwise, this could slow things down.
This is why we only do this on special devices; check_is_really_dir()
doesn't do anything on directory or regular files.
> The one worry I have here (though I don't think it is necessarily IN
> the code you propose) is that someone could create a regular file which
> looks like a directory and somehow get it linked into the filesystem
> tree, giving them escalated access (e.g. device files owned by them,
> suid executables, links to otherwise unreadable files, etc).
I thought of that, but I didn't worry about it because I'm not doing
this check on regular files. Come to think of it I should add a check
so we don't do this for long symlinks, for similar reasons. It would
only matter if the user can force filesystem check, which makes it a
long shot, but we should avoid that issue as well.
> I take it that this code fixes the test image I previously posted?
Yup. Take a look at what I checked in into Mercurial. I added two
separate test cases. One of them directly tests the filetype issue,
and the other tests a mutated directory into a char device case.
- Ted
prev parent reply other threads:[~2007-04-03 19:58 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-02-21 9:15 [PATCH] Correction to check_filetype() Kalpak Shah
2007-02-21 11:49 ` Kalpak Shah
2007-02-21 14:49 ` Peter Staubach
[not found] ` <45DC5BFF.4000302-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2007-02-21 15:26 ` Kalpak Shah
2007-03-31 0:44 ` Theodore Tso
[not found] ` <20070331004417.GJ3198-AKGzg7BKzIDYtjvyW6yDsg@public.gmane.org>
2007-03-31 8:16 ` Andreas Dilger
2007-03-31 12:35 ` Theodore Tso
2007-03-31 14:39 ` Theodore Tso
2007-03-31 19:40 ` Kalpak Shah
[not found] ` <20070331143926.GG25539-AKGzg7BKzIDYtjvyW6yDsg@public.gmane.org>
2007-04-03 17:37 ` Andreas Dilger
2007-04-03 19:58 ` Theodore Tso [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070403195841.GE31973@thunk.org \
--to=tytso@mit.edu \
--cc=Lustre-discuss@clusterfs.com \
--cc=kalpak@clusterfs.com \
--cc=linux-ext4@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).