lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Mon, 8 Nov 2021 23:15:13 +0100
From:   Göran Uddeborg <goeran@...eborg.se>
To:     linux-ext4@...r.kernel.org
Subject: Contents of files exchanged

Is a "user question" acceptable on this list?

When helping a friend with a system that wouldn't boot, we
investigated the file system from a live image. It turned out that a
lot of files had had their contents replaced with a completely
different file's contents. As an example, the libuuid.so.1.3.0 file
had the contents of the README file from the zfs-fuse package. They
still had different inode numbers; they were not links to the same.
There were at least dozens of files "replaced" in that way, we stopped
searching after fixing a few.

This started after an abrupt unplanned power loss, so a fsck on reboot
was expected. But how could it possibly have such a drastic effect?

In case it is relevant, it was on a Fedora 34, initially installed
before btrfs was default on Fedora, and upgraded since.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ