clone 546388 -1 reassign -1 libblkid1 severity 546388 wishlist thanks On Sun, Sep 13, 2009 at 12:49:21AM +0200, Christoph Biedl wrote: > Package: e2fsprogs > Version: 1.41.9-1 > Severity: normal > > Hello, > > appearently blkid cannot deal very well with somewhat special > characters in filesystem labels. I am not sure how dangerous (read: > security) this really is but at least it's annoying. Programs that > parse the blkid output might return strange results if fooled by e.g. > an USB stick plugged by an attacker.
This is a problem that we should fix in e2fsprogs sources, but note that blkid library has been transitioned such that in Testing and Unstable, it is now being provided by the source package util-linux (util-linux-ng, aka util-linux 2.x, is taking over responsibility for the blkid and uuid libraries). So a fix in the e2fsprogs sources won't actually affect what happens in Debian, except that I'd cc Karel Zak and he'd probably take the same fix for util-linux-ng. If he gets to the problem first, I'll backport his solution to e2fsprogs' sources. There is a related problem here in how/whether special characters should be handled via backslash expansion when parsing /etc/fstab. The fsck and mount programs don't handle this in a consistent fashion but util-linux-ng is now responsible for fsck as well as mount now, so that's a util-linux-ng problem as well. - Ted -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org