Your message dated Fri, 25 Jul 2014 11:43:09 +0100
with message-id
<CAD=6czqt8odrf1_cb0+4fz044fxvqv+bahvxo+9ok5zdrug...@mail.gmail.com>
and subject line Close #546388 - e2fsprogs: Odd filesystem labels confuse blkid
has caused the Debian Bug report #546388,
regarding e2fsprogs: Odd filesystem labels confuse blkid
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
546388: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546388
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: e2fsprogs
Version: 1.41.9-1
Severity: normal
Hello,
appearently blkid cannot deal very well with somewhat special
characters in filesystem labels. I am not sure how dangerous (read:
security) this really is but at least it's annoying. Programs that
parse the blkid output might return strange results if fooled by e.g.
an USB stick plugged by an attacker.
For the sake of this example I'll use an ext3 fs on /dev/loop0.
# tune2fs -L 'La"bel' /dev/loop0
# blkid | grep /dev/loop0
/dev/loop0: LABEL="La"bel" UUID="321345c2-d851-4f4f-ab68-ba60307a8532"
SEC_TYPE="ext2" TYPE="ext3"
This is not bad per se but cheap parsers might consider the label
being "La" only. This probably applies to blkid itself, now changing
the label:
# tune2fs -L 'La bel' /dev/loop0
# blkid | grep /dev/loop0
/dev/loop0: LABEL="La bel" bel" UUID="321345c2-d851-4f4f-ab68-ba60307a8532"
SEC_TYPE="ext2" TYPE="ext3" UUID="321345c2-d851-4f4f-ab68-ba60307a8532"
^^^^^
adds some garbage to the output, and duplicates the UUID. This is
found in /etc/blkid.tab, too, while the label itself is as specified.
Another funny thing one could do (after clearing /etc/blkid.tab) is
# tune2fs -L '" TYPE="vfat' /dev/loop0
# blkid | grep /dev/loop0
/dev/loop0: LABEL="" TYPE="vfat" UUID="321345c2-d851-4f4f-ab68-ba60307a8532"
SEC_TYPE="ext2" TYPE="ext3"
If there are filesystems that allow long volume labels (24 to 44
characters) it is also possible to inject fake UUIDs.
Please provide protection against such pitfalls. My
suggestions:
* Escape potentially dangerous characters in the blkid output (might
break existing applications), or
* in each line of blkid's output, print the label as the last record[1]
so '"<EOL>' marks the end of the label (not very comfortable
for blkid.tab), or
* provide another, machine readable output format.
Regards,
Christoph
[1] On a side note, a defined order of all records would be helpful,
too (This might apply to lenny only but I cannot reproduce this
right now).
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.27.30 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages e2fsprogs depends on:
ii e2fslibs 1.41.9-1 ext2/ext3/ext4 file system librari
ii libblkid1 2.16-3 block device id library
ii libc6 2.9-25 GNU C Library: Shared libraries
ii libcomerr2 1.41.9-1 common error description library
ii libss2 1.41.9-1 command-line interface parsing lib
ii libuuid1 2.16-3 Universally Unique ID library
e2fsprogs recommends no packages.
Versions of packages e2fsprogs suggests:
pn e2fsck-static <none> (no description available)
pn gpart <none> (no description available)
pn parted <none> (no description available)
-- no debconf information
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
version: 2.24.2-1
I'm closing this bug now since the fix for the bug you reported was
included in the new (upstream) version.
If you can still reproduce it feel free to reopen and provide more info.
thanks
regards
althaser
--- End Message ---
