On Mar 31, 2007 10:39 -0400, Theodore Tso wrote:
> I'm going to let this one soak for a bit to make sure we don't pick up
> any fase positives or negatives in the hueristics.
>
> @@ -133,11 +133,10 @@ int e2fsck_pass1_check_device_inode(ext2
> + * If the index flag is set, then this is a bogus
> + * device/fifo/socket
> */
> - if ((ext2fs_inode_data_blocks(fs, inode) != 0) ||
> - (inode->i_flags & EXT2_INDEX_FL))
> + if (inode->i_flags & EXT2_INDEX_FL)
> return 0;
There were ancient versions of the kernel that left EXT2_INDEX_FL set
on all files, instead of just directories... I'm not sure if those
were in actual released kernels, or just in patches.
> +static void check_is_really_dir(e2fsck_t ctx, struct problem_context *pctx,
> + char *buf)
> +{
> + if (ext2fs_read_dir_block(ctx->fs, inode->i_block[0], buf))
> + return;
Do we call check_blocks() on this inode shortly thereafter? If we do then
the overhead of reading the first block is offset by not reading it again
later. Otherwise, this could slow things down.
> + dirent = (struct ext2_dir_entry *) buf;
> + if (((dirent->name_len & 0xFF) != 1) ||
> + (dirent->name[0] != '.') ||
> + (dirent->inode != pctx->ino) ||
> + (dirent->rec_len < 12) ||
> + (dirent->rec_len % 4) ||
> + (dirent->rec_len >= ctx->fs->blocksize - 12))
> + return;
> +
> + dirent = (struct ext2_dir_entry *) (buf + dirent->rec_len);
> + if (((dirent->name_len & 0xFF) != 2) ||
> + (dirent->name[0] != '.') ||
> + (dirent->name[1] != '.') ||
> + (dirent->rec_len < 12) ||
> + (dirent->rec_len % 4))
> + return;
> +
> + if (fix_problem(ctx, PR_1_TREAT_AS_DIRECTORY, pctx)) {
> + inode->i_mode = (inode->i_mode & 07777) | LINUX_S_IFDIR;
> + e2fsck_write_inode_full(ctx, pctx->ino, inode,
> + EXT2_INODE_SIZE(ctx->fs->super),
> + "check_is_really_dir");
> }
The one worry I have here (though I don't think it is necessarily IN
the code you propose) is that someone could create a regular file which
looks like a directory and somehow get it linked into the filesystem
tree, giving them escalated access (e.g. device files owned by them,
suid executables, links to otherwise unreadable files, etc).
It would seem that this is only a danger if the mode on the file is
corrupted, which shouldn't really be doable by a regular user, but
it is definitely something to consider.
I take it that this code fixes the test image I previously posted?
Cheers, Andreas
--
Andreas Dilger
Principal Software Engineer
Cluster File Systems, Inc.
-
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
