Bug#607516: extlinux-update manipulates boot files in unsafe ways

[Michael Tokarev]

Package: extlinux
Version: 2:4.02+dfsg-7
Severity: important
Tags: squeeze

update-extlinux script modifies boot-related files in unsafe ways,
which is a good way to make system unbootable: it re-creates
several files in /boot/extlinux/ by zeroing the content at start
and adding information to them piece by piece.  In case of a power
failure during this time, the system will be unbootable.  We're
talking about the need to perform f(data)sync() on important files
to ensure data integrity, but this case is much more important
since it affects whole system, but here, file manipulation is
much less safe than just omitting fsync.

The rigth way to create these files is to create a temp file first,
and when it's done, rename it into place atomically.



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#607516: extlinux-update manipulates boot files in unsafe ways

[Daniel Baumann]

tag 607516 pending
thanks

On 12/19/2010 12:30 PM, Michael Tokarev wrote:

The rigth way to create these files is to create a temp file first,
and when it's done, rename it into place atomically.


fixed in git.

--
Address:Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist
Email:  daniel.baum...@progress-technologies.net
Internet:   http://people.progress-technologies.net/~daniel.baumann/



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org