Date:	Thu, 4 Aug 2011 01:51:00 GMT
Subject: [Bug 40512] New: EXT4_IOC_MIGRATE is dangerous on directories

           Summary: EXT4_IOC_MIGRATE is dangerous on directories
           Product: File System
           Version: 2.5
    Kernel Version: 2.6.39
          Platform: All
        OS/Version: Linux
              Tree: Mainline
            Status: NEW
          Severity: high
          Priority: P1
         Component: ext4
        Regression: No

Using EXT4_IOC_MIGRATE on a non-extent directory seems to have terrible
consequences. Consider the following example. "dir" is an old directory without

$ ls -la dir/
total 12
drwxr-xr-x  2 benjamin benjamin 4096 Aug  3 20:42 .
drwxr-xr-x 47 benjamin benjamin 4096 Aug  3 20:42 ..
-rw-r-----  1 benjamin benjamin    7 Aug  3 20:42 something.txt
$ cat migrate.c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ioctl.h>

int main(int argc, char **argv)
{
    const char *fn = argv[1];
    int fd, ret;

    fd = open(fn, O_RDONLY);
    /* This invokes EXT4_IOC_MIGRATE. */
    ret = ioctl(fd, 0x6609);
    if (ret < 0) {
        fprintf(stderr, "ioctl failed\n");
        return 1;
    }
    printf("Migration successful?\n");
    return 0;
}
$ gcc -o migrate migrate.c
$ ./migrate dir
Migration successful?
$ ls -la dir
total 0 # !!!!!!!!!!!!!!

Also, why are you allowed to migrate stuff with only O_RDONLY access?
