| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <172863424488.2407118.13900202892540655392@localhost>
Date: Fri, 11 Oct 2024 10:10:44 +0200
From: Johannes Schauer Marin Rodrigues <josch@...ter-muffin.de>
To: linux-ext4@...r.kernel.org
Subject: misc/create_inode_libarchive.c: also allow gnu.translator xattrs
Hello ext4 folks,
in my recent patch to allow e2fsprogs to create filesystems from tarballs via
libarchive I restricted the allowed xattrs to "security.capability". My
intention was probably to not allow any random xattr from the tarball onto the
filesystem.
This now creates a problem as GNU Hurd started using xattrs to store Hurd
translators in the "gnu.translator" extended attribute. With the following
patch I'm able to create a bootable GNU Hurd filesystem from a tarball:
--- a/misc/create_inode_libarchive.c
+++ b/misc/create_inode_libarchive.c
@@ -442,7 +442,7 @@ static errcode_t set_inode_xattr_tar(ext
dl_archive_entry_xattr_reset(entry);
while (dl_archive_entry_xattr_next(entry, &name, &value, &value_size) ==
ARCHIVE_OK) {
- if (strcmp(name, "security.capability") != 0)
+ if (strcmp(name, "security.capability") != 0 && strcmp(name, "gnu.translator"))
continue;
retval = ext2fs_xattr_set(handle, name, value, value_size);
Would that change be a good idea? I also submitted my patch as a pull request
to Ted's github repo here: https://github.com/tytso/e2fsprogs/pull/194
Or would it be a better idea to drop the sanity check for extended attribute
names? What do you think?
Thanks!
cheers, josch
Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
Powered by blists - more mailing lists