* bug in fsck or ext2/ext3?
@ 2007-09-24 16:56 Antoine Martin
2007-09-24 17:04 ` Dave Jones
2007-09-24 17:14 ` Alistair John Strachan
0 siblings, 2 replies; 5+ messages in thread
From: Antoine Martin @ 2007-09-24 16:56 UTC (permalink / raw)
To: tytso, Linux Kernel Development
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi Ted / LKML,
I've got this snapshot of an ext3 filesystem with a directory that
simply cannot be removed! (image below is just 1.2MB)
As root:
# wget http://users.nagafix.co.uk/~antoine/root-broken.bz2
# bunzip2 root-broken.bz2
# mount -o loop -t ext2 root-broken ./tmp
# rm -fr tmp/chroot.broken
rm: cannot remove directory (...)
Same result when trying to do anything to those files chown/chmod/touch:
"Operation not permitted"
Tested with e2fsprogs v1.39 on 3 systems.
Not sure where else to post this...
Cheers
Antoine
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFG9+xHGK2zHPGK1rsRCn6/AJ0S9/D1LTTxsi69uVovKRURa1fFhACfcEzx
8I6nOimUYCFKh9oX6ebnLc0=
=FhTL
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: bug in fsck or ext2/ext3?
2007-09-24 16:56 bug in fsck or ext2/ext3? Antoine Martin
@ 2007-09-24 17:04 ` Dave Jones
2007-09-24 18:16 ` David Newall
2007-09-24 17:14 ` Alistair John Strachan
1 sibling, 1 reply; 5+ messages in thread
From: Dave Jones @ 2007-09-24 17:04 UTC (permalink / raw)
To: Antoine Martin; +Cc: tytso, Linux Kernel Development
On Mon, Sep 24, 2007 at 05:56:39PM +0100, Antoine Martin wrote:
> I've got this snapshot of an ext3 filesystem with a directory that
> simply cannot be removed! (image below is just 1.2MB)
> As root:
> # wget http://users.nagafix.co.uk/~antoine/root-broken.bz2
> # bunzip2 root-broken.bz2
> # mount -o loop -t ext2 root-broken ./tmp
> # rm -fr tmp/chroot.broken
> rm: cannot remove directory (...)
> Same result when trying to do anything to those files chown/chmod/touch:
> "Operation not permitted"
>
> Tested with e2fsprogs v1.39 on 3 systems.
> Not sure where else to post this...
Various files in the directories it complains about have their 'i'
bit set. lsattr will show you. chattr -i those files, and the
directory is removable again.
Dave
--
http://www.codemonkey.org.uk
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: bug in fsck or ext2/ext3?
2007-09-24 16:56 bug in fsck or ext2/ext3? Antoine Martin
2007-09-24 17:04 ` Dave Jones
@ 2007-09-24 17:14 ` Alistair John Strachan
1 sibling, 0 replies; 5+ messages in thread
From: Alistair John Strachan @ 2007-09-24 17:14 UTC (permalink / raw)
To: Antoine Martin; +Cc: tytso, Linux Kernel Development
On Monday 24 September 2007 17:56:39 Antoine Martin wrote:
> Hi Ted / LKML,
>
> I've got this snapshot of an ext3 filesystem with a directory that
> simply cannot be removed! (image below is just 1.2MB)
> As root:
> # wget http://users.nagafix.co.uk/~antoine/root-broken.bz2
> # bunzip2 root-broken.bz2
> # mount -o loop -t ext2 root-broken ./tmp
> # rm -fr tmp/chroot.broken
> rm: cannot remove directory (...)
> Same result when trying to do anything to those files chown/chmod/touch:
> "Operation not permitted"
>
> Tested with e2fsprogs v1.39 on 3 systems.
> Not sure where else to post this...
URL is broken. Tried doing a "lsattr" to ensure no xattrs (like +i) are set?
--
Cheers,
Alistair.
137/1 Warrender Park Road, Edinburgh, UK.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: bug in fsck or ext2/ext3?
2007-09-24 17:04 ` Dave Jones
@ 2007-09-24 18:16 ` David Newall
2007-09-24 18:21 ` Dave Jones
0 siblings, 1 reply; 5+ messages in thread
From: David Newall @ 2007-09-24 18:16 UTC (permalink / raw)
To: Dave Jones, Antoine Martin, tytso, Linux Kernel Development
Dave Jones wrote:
> On Mon, Sep 24, 2007 at 05:56:39PM +0100, Antoine Martin wrote:
>
> > # rm -fr tmp/chroot.broken
> > rm: cannot remove directory (...)
> > Same result when trying to do anything to those files chown/chmod/touch:
> > "Operation not permitted"
>
> Various files in the directories it complains about have their 'i'
> bit set. lsattr will show you. chattr -i those files, and the
> directory is removable again.
Additionally, this is a classic symptom of malware. A directory named
"..." is a big hint.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: bug in fsck or ext2/ext3?
2007-09-24 18:16 ` David Newall
@ 2007-09-24 18:21 ` Dave Jones
0 siblings, 0 replies; 5+ messages in thread
From: Dave Jones @ 2007-09-24 18:21 UTC (permalink / raw)
To: David Newall; +Cc: Antoine Martin, tytso, Linux Kernel Development
On Tue, Sep 25, 2007 at 03:46:25AM +0930, David Newall wrote:
> Dave Jones wrote:
> > On Mon, Sep 24, 2007 at 05:56:39PM +0100, Antoine Martin wrote:
> >
> > > # rm -fr tmp/chroot.broken
> > > rm: cannot remove directory (...)
> > > Same result when trying to do anything to those files chown/chmod/touch:
> > > "Operation not permitted"
> >
> > Various files in the directories it complains about have their 'i'
> > bit set. lsattr will show you. chattr -i those files, and the
> > directory is removable again.
>
> Additionally, this is a classic symptom of malware. A directory named
> "..." is a big hint.
That was "..." as in "more stuff follows" rather than the actual name
being reported.
Dave
--
http://www.codemonkey.org.uk
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2007-09-24 18:22 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-09-24 16:56 bug in fsck or ext2/ext3? Antoine Martin
2007-09-24 17:04 ` Dave Jones
2007-09-24 18:16 ` David Newall
2007-09-24 18:21 ` Dave Jones
2007-09-24 17:14 ` Alistair John Strachan
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox