Received: by 2002:a05:6358:e9c4:b0:b2:91dc:71ab with SMTP id hc4csp1392563rwb; Fri, 5 Aug 2022 00:40:53 -0700 (PDT) X-Google-Smtp-Source: AA6agR6JaGIKT2g+Rg1cbE95Bv6Brbixv2gULRN3n2xyWAqfApT5VnIRFJdAfTa067MDY6xMZbB/ X-Received: by 2002:a17:90a:1b6e:b0:1f5:1902:af92 with SMTP id q101-20020a17090a1b6e00b001f51902af92mr14993779pjq.238.1659685253496; Fri, 05 Aug 2022 00:40:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1659685253; cv=none; d=google.com; s=arc-20160816; b=Cw7qV9SIJdbPAtnNeDeccQycCOTO6MPcXEKyL3uPZFJsdeiNBChyYhQccOMYf3LoKF oyksYxL66EsdwDr56IX2fUzsDgwxghTbSmRbE+Ec1CTmxJQK1aokbhEZuq7B3QrMeZ7U 7BpClUlXq2VT3kb0GMN0bDJl8m6S5iMfLvJpukmbdY/+XrYa7265mcSHF08uO7d3vnzf NgANPKNsm46RLxZFi/O6JiukyC/4jk4S1hfOxN3xbFB+ef8s2WzXp4opRcJPjmF0H4jR BjWSu+MpNGUiPvnjojGtDbwCat2Uxy3FRlo2G9O4FjxuLlFI5vdIT2ouArd9gRQ/eWgL OAHg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=ZAhMRyLdMoOA8LK72SEkVGSLxA97jhStA5RfvPd2TQQ=; b=ZDQDRJTzcFFq/GxSW+ASsTJcX/DtEXr0EK7PPTht7SrWSXAFj3P1Oti5IY/QeoJeSX /eTaVxOLkYqoBTK6COxCYff8eZ+j06VtXkZ7BkL4wVd1cEprLG41T+du+yb4F3XfOEc7 BsAfuCTwOYmQvG/58z+eIsUasDVh7TR32JvRb93sa81FXI1WqJmJFDcfJR9BRHrJMr3X finklbzBQ67k6nah1FNA/pCBJTtc4wZAbBObK+oWnodZJn1Wj5INSGMq5GhVbRN8C7hp j9UrqOdoX/SlNUayQLhAXB1QoKHi2eyPRi5NHjT9CzsiuWEk9ACDV673W7PxDHWEC855 MWpQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=ZVpc3Bnp; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i18-20020a635412000000b0041a4118f4fbsi2325159pgb.439.2022.08.05.00.40.27; Fri, 05 Aug 2022 00:40:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=ZVpc3Bnp; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231949AbiHEHiy (ORCPT + 99 others); Fri, 5 Aug 2022 03:38:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41178 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240185AbiHEHiw (ORCPT ); Fri, 5 Aug 2022 03:38:52 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 257B85F11F for ; Fri, 5 Aug 2022 00:38:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1659685130; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=ZAhMRyLdMoOA8LK72SEkVGSLxA97jhStA5RfvPd2TQQ=; b=ZVpc3BnpQaMPiUvsPjgF3nwXcCLSxnqo5dbAhpdFlX/YVb6Omh4ohF3PyVevfvogFSUs9n cpvJPYVzGMj/UNs8Q9EZhe0TUtwy/sF276HQhKqZpNpZtq8bZZZ3kSSx1RdI/+YtXP0Aao T+g/uw3+uRN9RNgdNZ1tRr1EO2SVGqE= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-493-Ex--Jxs7OjuPMXGk7eve1A-1; Fri, 05 Aug 2022 03:38:33 -0400 X-MC-Unique: Ex--Jxs7OjuPMXGk7eve1A-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id A0DD585A584; Fri, 5 Aug 2022 07:38:32 +0000 (UTC) Received: from fedora (unknown [10.40.193.205]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 000ACC202C5; Fri, 5 Aug 2022 07:38:31 +0000 (UTC) Date: Fri, 5 Aug 2022 09:38:29 +0200 From: Lukas Czerner To: Daniel Ng Cc: linux-ext4@vger.kernel.org, Sarthak Kukreti Subject: Re: [BUG] fsck unable to resolve filenames that include '=' Message-ID: <20220805073829.dcwhe3dizlk5hz5n@fedora> References: <20220803143113.frmayykhlhvcqkxg@fedora> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Scanned-By: MIMEDefang 2.85 on 10.11.54.8 X-Spam-Status: No, score=-3.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW, SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org Hi Daniel, On Fri, Aug 05, 2022 at 03:32:14PM +1000, Daniel Ng wrote: > Hey Lukas, > > that aligns with our observations; I also ran into this when running > tune2fs on the file too. > > I'm not very familiar with blkid_get_devname(), but that sounds sensible to me. > > Alternatively, my colleague (sarthak@) was suggesting that we could > add a stat() check for the file in the conditional that checks if > there is a '=' character in the > token - which would work for us at least. I suppose it just depends on > what we should prioritize finding. It might make more sense to > prioritize finding > a regular file, before trying to parse the expression. In your > example, the 'LABEL=volume-label' file couldn't ever be selected if > there is also a > device with 'volume-label' (it also seems more likely that in that > situation, the file should be interacted with, over interpreting the > token as an expression). > > What are your thoughts behind the ordering (and alluded exploits)? I think this is a bad approach. It means that a file in a working directory from where the e2fsc/tune2fs is invoked can effectively prevent user/admin to work with the file system with LABEL= or UUID= without user/admin ever having any clue what it is going on. You can always acces the file with the name LABEL=volume-label just by specifying ./LABEL=volume-label or a full path, not a big deal and it makes it very clear what the intentional target is. I've got a patch that I plan to send out soon, in which I just check for the collision and prefer the device found by blkid_get_devname(). Will send it out soon, so let's move the discussion there. Thanks! -Lukas > > Kind regards, > Daniel > > On Thu, Aug 4, 2022 at 12:31 AM Lukas Czerner wrote: > > > > On Tue, Aug 02, 2022 at 06:21:56PM +1000, Daniel Ng wrote: > > > Hi, > > > > > > I've run into an issue when trying to use fsck with an ext4 image when > > > it has '=' in its name. > > > > > > Repro steps: > > > 1. fallocate -l 1G test=.img > > > 2. mkfs.ext4 test=.img > > > 3. fsck test=.img > > > > > > Response: > > > 'fsck.ext4: Unable to resolve '/test=.img' > > > > > > Expected: > > > fsck to do it's thing. > > > > > > Observations: > > > Originally I wasn't sure what the source was, I thought that maybe > > > mkfs wasn't creating the image appropriately. > > > However, I've tried: > > > - renaming the image > > > - creating a hard-link to the image > > > > > > Running fsck on either the renamed image, or the hard-link, works as expected. > > > > > > Kernel version: Linux version 4.19.251-13516-ga0bcf8d80077 > > > Environment: Running on a Chromebook > > > > > > Kind regards, > > > Daniel > > > > Hi Daniel, > > > > yeah, that's a good catch. The problem is that various e2fsprogs tools > > (at least tune2fs and e2fsck) are using blkid_get_devname() to get the > > device name without ever checking if we already got the actual existing > > device name. > > > > The reason to call blkid_get_devname() at all is to get device in the > > form of NAME=value (like for example UUID=uuid, or LABEL=volume-label). > > However if we blindly pass in the device (or in this case regular file) > > name with an equal sign in it, the blkid_get_devname just returns whatever > > it can find by that tag. Which is likely nothing. > > > > Unless of course, you're trying to use e2fsck, or tune2fs on a file with > > an actual filename LABEL=volume-label and you have actual file system > > with 'volume-label' LABEL ;) That's a problematic behavior and depending > > on how we go about fixing it it could be potentialy exploitable... > > > > Maybe something like this: > > > > 1. look for the actual block device first > > 2. if none is found call blkid_get_devname() > > 3. if that didn't return anything maybe see if have a regular > > file and work with that > > 4. if we still get nothing, then we're "Unable to resolve..." > > > > Thoughts? > > > > -Lukas > > >