Bug#888586: quotacheck might run into an endless loop (on systemd installations)

Sat, 27 Jan 2018 05:40:06 -0800 

Package: quota
Version: 4.04-1
Severity: important
Control: tags upstream patch

Dear Maintainer,

The check_header function in quotacheck_v2.c calls ask_yn(), but without
checking for FL_INTERACTIVE as in other other places. In other words,
quotacheck might become interactive even if the according command line
parameter was not set.

This had a serious impact on one of my machines where quotacheck was
called by systemd.quotacheck during boot, appearently (see below) the
related code path was triggered, causing systemd to wait for quotacheck
infinitely while piling up a *lot* of "Illegal answer. Please answer
y/n:" messages in the journal - eventually causing expiration of the
initial message so I had to assume it from the sources.

How to repeat:

Create a file system and enforce a quota check with a wrong quota file
format:
--------------------------------------------------------------------
fallocate /tmp/quota.img --length 128m
mkfs.ext4 /tmp/quota.img
mkdir /tmp/quota
mount -o loop,usrjquota=aquota.user,jqfmt=vfsv1 /tmp/quota.img /tmp/quota/
quotacheck -nug /tmp/quota/
quotacheck -nug -F vfsv0 /tmp/quota/ </dev/zero
--------------------------------------------------------------------

Fix:

The patch below introduces the missing check for FL_INTERACTIVE and,
if not set (the default), will continue as if the default answer "yes"
had been selected.

This affects older version as well, please consider fixing this in a
stable point release. For wheezy and jessie, the patch needs a small
adjustment in the context. Let me know if I can be of help.


Related remarks:

* systemd is just the bringer of the news here.
* The default "yes" makes me somewhat uneasy.
* For readability, ask_yn() could print a "\n" before
  "Illegal answer ..."
* quotacheck still exits zero if "no" was given as an answer.
  That's what I'd call a surprising behaviour.

Regards,

    Christoph

--- a/quotacheck_v2.c
+++ b/quotacheck_v2.c
@@ -363,7 +363,7 @@
                         "specified on command line (%d). Quota file header "
                         "may be corrupted.\n"),
                       le32toh(head.dqh_version), version);
-               if (!ask_yn(_("Continue checking assuming version from command 
line?"), 1))
+               if ((flags & FL_INTERACTIVE) && !ask_yn(_("Continue checking 
assuming version from command line?"), 1))
                        return -1;
                detected_versions[type] = version;
        } else

Attachment: signature.asc
Description: Digital signature

Reply via email to