lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 05 Aug 2018 19:23:24 +0000
Subject: [Bug 200735] New: creating softlink does not check for source file
 existance or corruption

            Bug ID: 200735
           Summary: creating softlink does not check for source file
                    existance or corruption
           Product: File System
           Version: 2.5
    Kernel Version: 4.17.0-rc3+
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: ext4
        Regression: No

Created attachment 277685
cmd2000 workload containing 2000 nested files and directories


I am performing file system block layer corruption experiments for ext4 for
different file system commands.

For all source-file-read based commands like access, truncate, chmod, open,
chown, utimes,read, rename , getdirentries, creat - if the source file inode is
corrupted, I get an appropriate error in the user space, like this: 

code exited with error Structure needs cleaning

and/or an appropriate error in kernel space, like this:

EXT4-fs error (device dm-0): ext4_iget:4769: inode #8218: comm access: bad
extra_isize 16962 (inode size 256)

However, for the creation of a symlink, I do not observe any form of
check/warning or error if the source file inode, or inode in the source path
inode is corrupted.

Steps To Reproduce

1. Please create file system on a 1.5 GB disk preferably with QEMU.
2. Please mount the file system on /mnt
3. run ./cmd2000 workload (please find attached). this file contains a command
that creates our source file:


along with some 2000 other nested files and directories.

4. find the inode numbers of all directory numbers using the ls -li command. We
can do this using the script attached. For example in my
setup, I get the following inodes.

$ ./ 
8301 cmdsymlink_dir1
2593 cmdsymlink_dir2
4171 cmdsymlink_dir3
4723 cmdsymlink_dir4
5754 datafile

5. unmount the file system. now corrupt inode using the program:
./corruptOffset X 256

where X = ((inode_number/16 + 121) * 4096) + (((inode_number % 16) - 1) * 256)

where inode_number = one of the 5 inode number values obtained in the output of in the previous step.

6. run the following command that successfully creates the new symlink, even
after source path inode corruption.

sudo -- sh -c 'sudo ln -s

Ideally, the symlink command should traverse the source path and inform the
user if the path is broken, corrupt, inaccessible or needs cleaning like all
other commands. Since symlink does not raise any error in this case, it should
be a bug.

Please find scripts attached for your reference.


You are receiving this mail because:
You are watching the assignee of the bug.

Powered by blists - more mailing lists