clone 546388 -1
reassign -1 libblkid1
severity 546388 wishlist
thanks
On Sun, Sep 13, 2009 at 12:49:21AM +0200, Christoph Biedl wrote:
> Package: e2fsprogs
> Version: 1.41.9-1
> Severity: normal
>
> Hello,
>
> appearently blkid cannot deal very well with somewhat special
> characters in filesystem labels. I am not sure how dangerous (read:
> security) this really is but at least it's annoying. Programs that
> parse the blkid output might return strange results if fooled by e.g.
> an USB stick plugged by an attacker.
This is a problem that we should fix in e2fsprogs sources, but note
that blkid library has been transitioned such that in Testing and
Unstable, it is now being provided by the source package util-linux
(util-linux-ng, aka util-linux 2.x, is taking over responsibility for
the blkid and uuid libraries).
So a fix in the e2fsprogs sources won't actually affect what happens
in Debian, except that I'd cc Karel Zak and he'd probably take the
same fix for util-linux-ng. If he gets to the problem first, I'll
backport his solution to e2fsprogs' sources.
There is a related problem here in how/whether special characters
should be handled via backslash expansion when parsing /etc/fstab.
The fsck and mount programs don't handle this in a consistent fashion
but util-linux-ng is now responsible for fsck as well as mount now, so
that's a util-linux-ng problem as well.
- Ted
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
