The function is_loopdev does not set errno if the supplied string does
not reference a valid loop device. Fix this to avoid an error message
like this one:
libblkid: Avoid OOB access on illegal ZFS superblocks
64 bit systems can trigger an out of boundary access while performing
a ZFS superblock probe.
This happens due to a possible integer overflow while calculating
the remaining available bytes. The variable is of type "int" and the
string length is allowed to be larger than INT_MAX, which means that
avail calculation can overflow, circumventing the "avail < 0" check and
therefore accessing memory outside the "buff" array later on.
tests: Use proper word splitting when executing tests
Use the shell special variable "$@" instead of the inferior $* to
execute the test command in ts_valgrind. The expansion of "$@" respects
proper word splitting and makes it possible to pass the command empty
arguments. It might also prevent surprises with quoting in corner
cases.
Tested that `make check` passes.
Valgrind run with `make check TS_OPTS='--nonroot --memcheck'` passes.
Signed-off-by: Filipe Brandenburger <filbranden@google.com>
libmount: Preserve empty string value in optstr parsing
Recent mount (since the switch to libmount in v2.22) drops the '=' in
mount options that are set to an empty value. For example, the command
line below will be affected:
# mount -o rw,myopt='' -t tmpfs tmpfs /mnt/tmp
Fix that by preserving an empty string in the options passed to the
mount(2) syscall when they are present on the command line.
Add test cases to ensure empty string handling is working as expected
and in order to prevent regressions in the future.
Also tested manually by stracing mount commands (on a kernel which
accepts a special extra option, for testing purposes.)
Chris Metcalf [Tue, 9 Aug 2016 09:31:41 +0000 (11:31 +0200)]
taskset: clarify that masks are always hex in man page
The man page confusingly says that the mask is "typically"
hexadecimal, when in fact it is always hexadecimal. Fix the
language, and provide an additional example with no leading "0x".
Also, provide an example using the --cpu-list option.
Signed-off-by: Chris Metcalf <cmetcalf@mellanox.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
--show-pt-geometry existed since cf3f26bf (2006), and it is used by third party
tools. To prevent failure of these tools, add a minimal compatibility code.
Casting the value to be checked to size_t renders the check useless.
If st_size is SIZE_MAX+1, it will be truncated to 0 and the check
succeeds. In fact, this check can never be false because every value
stored in a size_t is smaller or equal to SIZE_MAX.
I think this adjustment was meant to fix a compiler warning for 64 bit
systems for which sizeof(off_t) is sizeof(size_t), but the signedness
differs.
Going unconditionally to the greatest possible unsigned int type if
st_size is positive (off_t is signed) will fix this issue.
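
Added example (not code from util-linux): the useless check and the widened check side by side. The truncation only shows where off_t is wider than size_t, so the hypothetical types off64 and sz32 stand in for a 64-bit off_t and a 32-bit size_t, and the function names are made up for illustration.

```c
#include <stdint.h>

typedef int64_t  off64;   /* hypothetical stand-in for a 64-bit off_t  */
typedef uint32_t sz32;    /* hypothetical stand-in for a 32-bit size_t */
#define SZ32_MAX UINT32_MAX

/* Cast first, compare second: the cast has already thrown away the high
 * bits, so the comparison can never be true and nothing is rejected. */
int64_t len_cast_then_check(off64 st_size)
{
    if ((sz32)st_size > SZ32_MAX)
        return -1;                     /* never reached */
    return (int64_t)(sz32)st_size;     /* length the caller would go on to use */
}

/* Reject negative sizes, then compare in the widest unsigned type so that
 * no bits are lost before the comparison. */
int64_t len_check_then_cast(off64 st_size)
{
    if (st_size < 0 || (uintmax_t)st_size > SZ32_MAX)
        return -1;
    return (int64_t)(sz32)st_size;
}
```
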
We also need to detect non-empty recursion in the EBR chain. It's
possible to create standard valid logical partitions where the last one
points back to the EBR chain. In this case all offsets will be non-empty.
Unfortunately, it's valid to create logical partitions that are not in
the "disk order" (sorted by start offset). So a link somewhere back is
valid, but this link cannot point to an already existing partition
(otherwise we will see recursion).
This patch forces libblkid to ignore duplicate logical partitions, the
duplicate chain segment is interpreted as non-data segment, after 100
iterations with non-data segments it will break the loop -- no memory
is allocated in this case by the loop.
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1349536
References: http://seclists.org/oss-sec/2016/q3/40
Signed-off-by: Karel Zak <kzak@redhat.com>
libblkid: Add metadata signature check for IMSM on 4Kn drives
Drives with 512 and 4K sectors have different offsets for the
metadata signature. Without the signature detected on 4Kn drives,
those drives will not be recognized as RAID members. This
patch adds checking for the IMSM signature on 4Kn drives.
Torsten Hilbrich [Mon, 20 Jun 2016 05:09:10 +0000 (07:09 +0200)]
libblkid: Add length check in probe_nilfs2 before crc32
The bytes variable is read from the file system to probe and must be
checked before being used as the length parameter in the crc32 call.
The following problems may occur here:
- bytes smaller than sumoff + 4: underflow in length calculation
- bytes larger than remaining space in sb: overflow of buffer
This fixes a problem where an encrypted volume had the correct magic
values 0x3434 at offset 0x406 and the following uint16_t (which is
read into the nilfs_super_block.s_bytes struct) was parsed as 1.
Then crc32 was called with the length value 18446744073709551597
causing a segmentation fault.
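
Added example (not libblkid's code): the unchecked length calculation next to a validated one that rejects both cases listed above. SUMOFF = 16 is an assumption chosen because it reproduces the length quoted in the message, BYTES_OFF = 8 is assumed from "magic at 0x406, following uint16_t" relative to a superblock at 0x400, and the byte sum is a stand-in for crc32.

```c
#include <stddef.h>
#include <stdint.h>

#define SUMOFF    16u  /* assumed offset of the checksum field in the superblock */
#define SUMLEN     4u  /* the "+ 4" in the commit message */
#define BYTES_OFF  8u  /* assumed offset of the 16-bit length field */

/* Length as computed with no validation: wraps when bytes < SUMOFF + SUMLEN. */
uint64_t tail_len_unchecked(uint16_t bytes)
{
    return (uint64_t)bytes - SUMOFF - SUMLEN;
}

/* Validate the on-disk length field against both failure modes before use. */
int tail_len_checked(uint16_t bytes, size_t sb_size, size_t *len)
{
    if (bytes < SUMOFF + SUMLEN)   /* underflow in the length calculation */
        return -1;
    if (bytes > sb_size)           /* larger than the space remaining in sb */
        return -1;
    *len = (size_t)bytes - SUMOFF - SUMLEN;
    return 0;
}

/* Stand-in checksum (plain byte sum, not CRC32) over the region that follows
 * the checksum field. Returns -1 when the length field cannot be trusted. */
int64_t checksum_tail(const uint8_t *sb, size_t sb_size)
{
    size_t len, i;
    uint32_t sum = 0;
    uint16_t bytes;

    if (sb_size < BYTES_OFF + 2)
        return -1;
    /* the length field is read from the probed device, little-endian */
    bytes = (uint16_t)(sb[BYTES_OFF] | (sb[BYTES_OFF + 1] << 8));
    if (tail_len_checked(bytes, sb_size, &len) != 0)
        return -1;
    for (i = 0; i < len; i++)
        sum += sb[SUMOFF + SUMLEN + i];
    return sum;
}
```
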
Karel Zak [Tue, 14 Jun 2016 11:15:44 +0000 (13:15 +0200)]
chfn: chsh: use selinux_check_passwd_access()
* selinux/av_permissions.h and magic constants are deprecated, the
recommended solution is to use string_to_security_class() and
string_to_av_perm() to get access vector
* it also seems that selinux_check_passwd_access() does exactly the
same as our checkAccess(), let's use it.
uClibc-ng tries to be compatible with GNU libc and defines
__GLIBC__ and pretends to be version 2.2.
We once changed it to 2.10, but then some hard to fix problems
in different software packages (gcc) occurred.
It would be better if we disable the special GNU libc checks
for uClibc-ng here. uClibc-ng implements the required scanf
functionality.
Karel Zak [Wed, 25 May 2016 13:59:15 +0000 (15:59 +0200)]
build-sys: add tools/Makemodule.am
We have "make" targets which depend on tools/check*.sh scripts. It's
ugly to exclude these scripts from the release tarballs (as generated
by "make distcheck").
Wayne Pollock [Wed, 4 May 2016 16:15:14 +0000 (17:15 +0100)]
write: fix setuid related regression
The write(1) is commonly a setuid binary, because common users cannot by
default write to each other's terminals. Since the commit in reference, that
is part of releases v2.24 to v2.28, the write(1) has used access(2) to check
capability to write to a destination terminal. The catch is that access(2)
uses the real UID and GID when performing the accessibility check. The obvious
correction is to avoid access(2) when in context of setuid binaries.
As a smaller, but equally important fix, ensure the 'msgsok' variable is
initialized to indicate no access. An uninitialized variable will almost
certainly do the wrong thing at the time of check.
Breaking-commit: 0233a8ea18bec17dd59cfe1fec8281
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Wayne Pollock <profwaynepollock@gmail.com>
Karel Zak [Thu, 28 Apr 2016 11:54:01 +0000 (13:54 +0200)]
libblkid: make I/O errors on CDROMs non-fatal
It seems too tricky to get the real size of the data track on hybrid
disks with audio+data. It seems overkill to analyze all headers in
libblkid and on some disks it's probably possible to get an I/O error
almost everywhere due to crazy copy protection etc.
Process A Process B Process C
open()
[creates file]
lock()
[succeed]
open()
[open existing]
lock()...
running()
close()
[...succeed]
unlink()
running()
open()
[creates file] {BAD!}
lock()
[succeed] {BAD!}
running() {BAD!}
close()
Cons: leaves empty (unlocked/harmless) .lock files in /run/fsck/
Signed-off-by: Yuriy M. Kaminskiy <yumkam@gmail.com>
Petr Uzel [Mon, 18 Apr 2016 14:22:05 +0000 (16:22 +0200)]
libblkid: make blkid_do_wipe() work with probes with offset
When a probe is created with an offset, e.g. via
blkid_probe_set_device(), this offset is correctly used when looking for
the signatures, but is not respected by blkid_do_wipe() function.
Therefore the signature is removed from an invalid location.
Usecase: Wiping signatures from an area on the block device where
partition is to be created (but as it does not exist yet, there's no
device node for it and probe on the whole block device has to be used
with correct offset and length).
Steps to reproduce:
modprobe scsi_debug
parted -s /dev/sdX mklabel gpt
parted -s /dev/sdX mkpart first 2048s 4095s
mkfs.ext2 /dev/sdX1
wipefs -np /dev/sdX1
./wiper /dev/sdX1 2048 2048
Actual result: wiper gets into endless loop, because
blkid_do_wipe() wipes at wrong location (1080), leaving the signature
on /dev/sdc1. So it is again found by blkid_do_probe(), and so on.
Expected result: wiper clears the ext2 signature at offset 1049656(=1080+2048*512).
Sami Kerola [Sat, 16 Apr 2016 17:35:02 +0000 (18:35 +0100)]
dmesg: --notime should not suppress --show-delta
The --show-delta is off by default, which means it can only be on when the user
has requested to see these time stamps. The --notime option should not turn
the delta outputting off, because then option order matters and no-one wants
that. Example of the old output:
$ dmesg --notime --show-delta | sed -n 's/ version.*//p; q'
[< 0.000000>] Linux
$ dmesg --show-delta --notime | sed -n 's/ version.*//p; q'
Linux
Addresses: https://bugs.launchpad.net/bugs/1544595
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Karel Zak [Wed, 13 Apr 2016 12:41:47 +0000 (14:41 +0200)]
wipefs: force GPT detection
The library libblkid (as well as fdisks) requires a protective MBR when
probing for GPT by default. This is unnecessary for wipefs where we're
more promiscuous and we want to delete as much as possible. This patch
enables BLKID_PARTS_FORCE_GPT for wipefs.
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1326474
Signed-off-by: Karel Zak <kzak@redhat.com>
Karel Zak [Wed, 13 Apr 2016 09:52:43 +0000 (11:52 +0200)]
script: use empty-slave heuristic more carefully
script(1) waits for an empty slave FD (shell stdin) before it writes to
master. This feature has been introduced by 54c6611d6f7b73609a5331f4d0bcf63c4af6429e
to avoid misbehavior when we need to send EOF to the shell.
Unfortunately, this feature has been used all the time for all messages.
This is wrong because a command in the session (or shell) may ignore
stdin altogether, and waiting forever in a busy loop is a really bad idea. Test
case:
This patch forces script to use empty-slave detection only when we
need to write EOF. The busy loop has been modified to use nanosleep
and it does not wait forever...
Addresses: http://bugs.debian.org/820843
Signed-off-by: Karel Zak <kzak@redhat.com>
build-sys: add --disable-logger and --disable-lslogins
Now we are able to disable all programs which have systemd/journald
support. This feature is needed by openSUSE packagers who are building
util-linux in 2 stages to avoid build cycles.