| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1371007922-20423-1-git-send-email-adilger@dilger.ca>
Date: Tue, 11 Jun 2013 21:32:02 -0600
From: Andreas Dilger <adilger@...ger.ca>
To: tytso@....edu
Cc: linux-ext4@...r.kernel.org, Andreas Dilger <adilger@...ger.ca>
Subject: [PATCH] mke2fs: don't set root dir UID/GID automatically
Don't change the root directory's UID/GID automatically just because
mke2fs was run as a non-root user. This can be confusing for users,
and is not flexible for non-root installation tools that need to
create a filesystem with different ownership from the current user.
Add the "-E root_owner[=uid:gid]" option to mke2fs so that the user
and group can be explicitly specified for the root directory. If
the "=uid:gid" argument is not specified, the current UID and GID
are extracted from the running process, as was done in the past.
Signed-off-by: Andreas Dilger <adilger@...ger.ca>
---
misc/mke2fs.8.in | 9 ++++++
misc/mke2fs.c | 45 +++++++++++++++++++++++------
tests/m_root_owner/expect.1 | 67 +++++++++++++++++++++++++++++++++++++++++++
tests/m_root_owner/script | 4 ++
4 files changed, 116 insertions(+), 9 deletions(-)
create mode 100644 tests/m_root_owner/expect.1
create mode 100644 tests/m_root_owner/script
diff --git a/misc/mke2fs.8.in b/misc/mke2fs.8.in
index 023ba49..08f3e36 100644
--- a/misc/mke2fs.8.in
+++ b/misc/mke2fs.8.in
@@ -268,6 +268,15 @@ small risk if the system crashes before the journal has been overwritten
entirely one time. If the option value is omitted, it defaults to 1 to
enable lazy journal inode zeroing.
.TP
+.BI root_owner [=uid:gid]
+Specify the numeric user and group ID of the root directory. If no UID:GID
+is specified, use the user and group ID of the user running \fBmke2fs\fR.
+In \fBmke2fs\fR 1.42 and earlier the UID and GID of the root directory were
+set by default to the UID and GID of the user running the mke2fs command.
+The \fBroot_owner=\fR option allows explicitly specifying these values,
+and avoid side-effects for users that do not expect the contents of the
+filesystem to change based on the user running \fBmke2fs\fR.
+.TP
.B test_fs
Set a flag in the filesystem superblock indicating that it may be
mounted using experimental kernel code, such as the ext4dev filesystem.
diff --git a/misc/mke2fs.c b/misc/mke2fs.c
index bbf477a..227d07c 100644
--- a/misc/mke2fs.c
+++ b/misc/mke2fs.c
@@ -88,6 +88,8 @@ int discard = 1; /* attempt to discard device before fs creation */
int direct_io;
int force;
int noaction;
+uid_t root_uid;
+gid_t root_gid;
int journal_size;
int journal_flags;
int lazy_itable_init;
@@ -391,21 +393,19 @@ static void create_root_dir(ext2_filsys fs)
com_err("ext2fs_mkdir", retval, _("while creating root dir"));
exit(1);
}
- if (geteuid()) {
+ if (root_uid != 0 || root_gid != 0) {
retval = ext2fs_read_inode(fs, EXT2_ROOT_INO, &inode);
if (retval) {
com_err("ext2fs_read_inode", retval,
_("while reading root inode"));
exit(1);
}
- uid = getuid();
- inode.i_uid = uid;
- ext2fs_set_i_uid_high(inode, uid >> 16);
- if (uid) {
- gid = getgid();
- inode.i_gid = gid;
- ext2fs_set_i_gid_high(inode, gid >> 16);
- }
+
+ inode.i_uid = root_uid;
+ ext2fs_set_i_uid_high(inode, root_uid >> 16);
+ inode.i_gid = root_gid;
+ ext2fs_set_i_gid_high(inode, root_gid >> 16);
+
retval = ext2fs_write_new_inode(fs, EXT2_ROOT_INO, &inode);
if (retval) {
com_err("ext2fs_write_inode", retval,
@@ -612,6 +612,8 @@ static void show_stats(ext2_filsys fs)
ext2fs_r_blocks_count(s),
100.0 * ext2fs_r_blocks_count(s) / ext2fs_blocks_count(s));
printf(_("First data block=%u\n"), s->s_first_data_block);
+ if (root_uid != 0 || root_gid != 0)
+ printf(_("Root directory owner=%u:%u\n"), root_uid, root_gid);
if (s->s_reserved_gdt_blocks)
printf(_("Maximum filesystem blocks=%lu\n"),
(s->s_reserved_gdt_blocks + fs->desc_blocks) *
@@ -835,6 +837,29 @@ static void parse_extended_opts(struct ext2_super_block *param,
EXT2_MKJOURNAL_LAZYINIT : 0;
else
journal_flags |= EXT2_MKJOURNAL_LAZYINIT;
+ } else if (!strcmp(token, "root_owner")) {
+ if (arg) {
+ root_uid = strtoul(arg, &p, 0);
+ if (*p != ':') {
+ fprintf(stderr,
+ _("Invalid root_owner: '%s'\n"),
+ arg);
+ r_usage++;
+ continue;
+ }
+ p++;
+ root_gid = strtoul(p, &p, 0);
+ if (*p) {
+ fprintf(stderr,
+ _("Invalid root_owner: '%s'\n"),
+ arg);
+ r_usage++;
+ continue;
+ }
+ } else {
+ root_uid = getuid();
+ root_gid = getgid();
+ }
} else if (!strcmp(token, "discard")) {
discard = 1;
} else if (!strcmp(token, "nodiscard")) {
@@ -872,6 +897,8 @@ static void parse_extended_opts(struct ext2_super_block *param,
"\tresize=<resize maximum size in blocks>\n"
"\tlazy_itable_init=<0 to disable, 1 to enable>\n"
"\tlazy_journal_init=<0 to disable, 1 to enable>\n"
+ "\troot_uid=<uid of root directory>\n"
+ "\troot_gid=<gid of root directory>\n"
"\ttest_fs\n"
"\tdiscard\n"
"\tnodiscard\n"
diff --git a/tests/m_root_owner/expect.1 b/tests/m_root_owner/expect.1
new file mode 100644
index 0000000..97ce1f6
--- /dev/null
+++ b/tests/m_root_owner/expect.1
@@ -0,0 +1,67 @@
+Filesystem label=
+OS type: Linux
+Block size=1024 (log=0)
+Fragment size=1024 (log=0)
+Stride=0 blocks, Stripe width=0 blocks
+128 inodes, 1024 blocks
+51 blocks (4.98%) reserved for the super user
+First data block=1
+Root directory owner=1234:1234
+Maximum filesystem blocks=1048576
+1 block group
+8192 blocks per group, 8192 fragments per group
+128 inodes per group
+
+Allocating group tables: ...done
+Writing inode tables: ...done
+Writing superblocks and filesystem accounting information: ...done
+
+Filesystem features: ext_attr resize_inode dir_index filetype sparse_super
+
+Pass 1: Checking inodes, blocks, and sizes
+Pass 2: Checking directory structure
+Pass 3: Checking directory connectivity
+Pass 4: Checking reference counts
+Pass 5: Checking group summary information
+test_filesys: 11/128 files (0.0% non-contiguous), 38/1024 blocks
+Exit status is 0
+
+Filesystem volume name: <none>
+Last mounted on: <not available>
+Filesystem magic number: 0xEF53
+Filesystem revision #: 1 (dynamic)
+Filesystem features: ext_attr resize_inode dir_index filetype sparse_super
+Default mount options: (none)
+Filesystem state: clean
+Errors behavior: Continue
+Filesystem OS type: Linux
+Inode count: 128
+Block count: 1024
+Reserved block count: 51
+Free blocks: 986
+Free inodes: 117
+First block: 1
+Block size: 1024
+Fragment size: 1024
+Reserved GDT blocks: 3
+Blocks per group: 8192
+Fragments per group: 8192
+Inodes per group: 128
+Inode blocks per group: 16
+Mount count: 0
+Check interval: 15552000 (6 months)
+Reserved blocks uid: 0
+Reserved blocks gid: 0
+First inode: 11
+Inode size: 128
+Default directory hash: half_md4
+
+
+Group 0: (Blocks 1-1023)
+ Primary superblock at 1, Group descriptors at 2-2
+ Reserved GDT blocks at 3-5
+ Block bitmap at 6 (+5), Inode bitmap at 7 (+6)
+ Inode table at 8-23 (+7)
+ 986 free blocks, 117 free inodes, 2 directories
+ Free blocks: 38-1023
+ Free inodes: 12-128
diff --git a/tests/m_root_owner/script b/tests/m_root_owner/script
new file mode 100644
index 0000000..02c5ef6
--- /dev/null
+++ b/tests/m_root_owner/script
@@ -0,0 +1,4 @@
+DESCRIPTION="root directory owner"
+FS_SIZE=1024
+MKE2FS_OPTS="-E root_owner=1234:1234"
+. $cmd_dir/run_mke2fs
--
1.7.3.4
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists