genext2fs does not preserve file permissions in generated image

Bug #26336 reported by Debian Bug Importer
Affects             Status        Importance  Assigned to
genext2fs (Debian)  Fix Released  Unknown
genext2fs (Ubuntu)  Fix Released  High        Unassigned

Bug Description

Automatically imported from Debian bug report #341173 http://bugs.debian.org/341173

In , Mikko Rapeli (mikko-rapeli-vtt) wrote : genext2fs

A newer version of genext2fs may preserve uid's, gid's and permissions
for files and directories so the ext2 initrd image wouldn't have o=rwx
any more.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338263

-Mikko

In , Joey Hess (joeyh) wrote : reassign 340981 to save-logs

# Automatically generated email from bts, devscripts version 2.9.8
reassign 340981 save-logs

In , Joey Hess (joeyh) wrote : reassign 340981 to cdebconf

# Automatically generated email from bts, devscripts version 2.9.8
reassign 340981 cdebconf

In , Joey Hess (joeyh) wrote : reassign 340981 to debian-installer

# Automatically generated email from bts, devscripts version 2.9.8
reassign 340981 debian-installer

In , Joey Hess (joeyh) wrote : Re: Bug#340981: debian-installer and world writable directories

tag 340981 - sarge
clone 340981 -1
reassign -1 genext2fs
severity -1 serious
retitle -1 genext2fs does not preserve file permissions in generated image
merge 338262 338263 -1
reassign 340981 prebaseconfig
close 340981 1.10

Mikko Rapeli wrote:
> a) debian-installer root has very permissive directory permissions
> (ugo=rwx)

> b) prebaseconfig's 93save-install-log uses "cp -a" to copy
> /var/lib/cdebconf directory to /target/var/log/debian-installer/.
>
> Part a) seems to have gotten some attention in Etch beta 1, but for
> reasons beyond my comprehension /var/lib/cdebconf among others is still
> world writable. I don't understand the functionality of d-i very well,
> but perhaps mkdir is used without a proper umask or -m 0775.

The permissions of the directory in cdebconf-udeb are ok, but those ok
permissions are corrupted by genext2fs during the initrd build process:

joey@dragon:~/src/d-i/installer/build/tmp/netboot/tree>ls -ld var/lib/cdebconf
drwxr-xr-x 2 joey joey 4096 Nov 7 09:56 var/lib/cdebconf/
joey@dragon:~/src/d-i/installer/build/tmp/netboot/tree>genext2fs -d . -b 10000 foo
joey@dragon:~/src/d-i/installer/build/tmp/netboot/tree>sudo mount -o loop foo /mnt
joey@dragon:~/src/d-i/installer/build/tmp/netboot/tree>ls -ld /mnt/var/lib/cdebconf
drwxrwxrwx 2 root root 1024 Dec 31 1969 /mnt/var/lib/cdebconf/

In fact, every directory in this ext2 image is mode 777; every file is
mode 666 (or 777). That is a known genext2fs bug I see, with a recently
filed bug and a patch in the bts, but no other documentation of the
problem. Which could easily be construed as a security hole in its own
right since it leads directly to d-i's class of problem.

I haven't looked outside i386 to see if it affects other arches or not,
but it may well not affect some arches that use cramfs images and so on.
Or it might, if there are similar problems with the tools to generate
those images.

> Part b) could be fixed by using a stricter umask or plain cp instead of
> 'cp -a' in Sarge's 93save-install-log and Etch beta 1's 93save-debconf
> ( URL:
> http://svn.debian.org/wsvn/d-i/trunk/packages/prebaseconfig/prebaseconfig.d/93save-debconf?op=file&rev=28098&sc=0).

It was fixed in prebaseconfig 1.10, the current code just does:

cp /var/lib/cdebconf/questions.dat /var/lib/cdebconf/templates.dat \
        $logsavedir/cdebconf

So etch beta 1 is not affected.

> The fact that a subdirectory within /var/log is world writable is a low
> risk security issue, since system logs may be DoS'ed by any user filling
> up the partition.

Surely any user could do the same with the logger command or a small
C program? There may be other theoretical exploit vectors beyond a DOS
though. debconf-get-selections --installer uses these files, for
example.

If the security team wants to follow up on this for stable, it would be
easy to backport the fix. Releasing an advisory would require actually
putting the fixed package into stable (not security.d.o; d-i will not
find it there), as well as rebuilding all the CD images. Any advisory
about this should also include instructions for users who have already
installed (rm -rf /var/log/debian-installer would do, or a command to
fix ...

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Sun, 27 Nov 2005 17:28:24 +0200
From: Mikko Rapeli <email address hidden>
To: <email address hidden>
CC: <email address hidden>
Subject: debian-installer and world writable directories

Package: debian-installer
Version: 20051026
Tags: security,sarge

debian-installer in Sarge leaves the directory
/var/log/debian-installer/cdebconf world writable:

# ls -ld `locate debian-installer | grep cdebconf`
drwxrwxrwx 2 root root 4096 Sep 23 17:54 /var/log/debian-installer/cdebconf
-rw-r--r-- 1 root root 49241 Sep 23 18:09 /var/log/debian-installer/cdebconf/questions.dat
-rw-r--r-- 1 root root 3960367 Sep 23 18:09 /var/log/debian-installer/cdebconf/templates.dat

This happens at least when debian-31r0a-i386-binary-1.iso was used to
install Sarge on my two hosts. The root of the problem seems to be twofold:

a) debian-installer root has very permissive directory permissions (ugo=rwx)
b) prebaseconfig's 93save-install-log uses "cp -a" to copy
/var/lib/cdebconf directory to /target/var/log/debian-installer/.

Part a) seems to have gotten some attention in Etch beta 1, but for
reasons beyond my comprehension /var/lib/cdebconf among others is still
world writable. I don't understand the functionality of d-i very well,
but perhaps mkdir is used without a proper umask or -m 0775.

Part b) could be fixed by using a stricter umask or plain cp instead of
'cp -a' in Sarge's 93save-install-log and Etch beta 1's 93save-debconf
( URL:
http://svn.debian.org/wsvn/d-i/trunk/packages/prebaseconfig/prebaseconfig.d/93save-debconf?op=file&rev=28098&sc=0
).

Unfortunately I'm unable to get d-i compiled at the moment, so I'm not
sure which specific fix works for sure and whether Etch has the same
problem.

The fact that a subdirectory within /var/log is world writable is a low
risk security issue, since system logs may be DoS'ed by any user filling
up the partition. It also seems to be against Debian policy 10.8 (
http://www.debian.org/doc/debian-policy/ch-files.html#s10.8 ).

I'm going to study d-i further, but perhaps you developers can already
fix this in the meantime. To me solving part a) is more natural to
Etch, since all d-i processes seem to run as root:root, so others don't
need any permissions on files or directories.

-Mikko
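
The two copy strategies discussed in this report, side by side, as an added example that is not part of the original message or of debian-installer's code. The directory names are constructed stand-ins for /var/lib/cdebconf and the log directory under /target.

```shell
#!/bin/sh
# Added illustration (constructed paths; not debian-installer code).
# "cp -a" carries a world-writable directory mode over to the target, while
# creating the directory with an explicit mode and copying only the data
# files does not.

# Print the permission string of a path, as "ls -ld" shows it.
perms_of() { ls -ld "$1" | cut -c1-10; }

# Build a stand-in for the installer's cdebconf directory with mode 0777.
make_source() {
    src="$1/cdebconf"
    mkdir -p "$src"
    : > "$src/questions.dat"
    : > "$src/templates.dat"
    chmod 0644 "$src"/*.dat
    chmod 0777 "$src"
}

# Variant 1: archive copy of the whole directory (mode is preserved).
copy_archive() {
    mkdir -p "$2"
    cp -a "$1/cdebconf" "$2/"
    perms_of "$2/cdebconf"
}

# Variant 2: explicit directory mode, then copy only the two data files.
copy_files_only() {
    (
        umask 022
        mkdir -p "$2"
        mkdir -m 0755 "$2/cdebconf"
        cp "$1/cdebconf/questions.dat" "$1/cdebconf/templates.dat" "$2/cdebconf"
        perms_of "$2/cdebconf"
    )
}

demo() {
    work=$(mktemp -d) || return 1
    make_source "$work/installer"
    echo "cp -a:      $(copy_archive "$work/installer" "$work/target-a")"
    echo "files only: $(copy_files_only "$work/installer" "$work/target-b")"
    rm -rf "$work"
}

demo
```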

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Mon, 28 Nov 2005 12:04:26 +0200
From: Mikko Rapeli <email address hidden>
To: <email address hidden>
Subject: genext2fs

Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Mon, 28 Nov 2005 16:25:54 -0500
From: Joey Hess <email address hidden>
To: <email address hidden>
Subject: reassign 340981 to save-logs

Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Mon, 28 Nov 2005 16:32:58 -0500
From: Joey Hess <email address hidden>
To: <email address hidden>
Subject: reassign 340981 to cdebconf

Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Mon, 28 Nov 2005 17:04:20 -0500
From: Joey Hess <email address hidden>
To: <email address hidden>
Subject: reassign 340981 to debian-installer

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Mon, 28 Nov 2005 17:40:53 -0500
From: Joey Hess <email address hidden>
To: Mikko Rapeli <email address hidden>, <email address hidden>,
 <email address hidden>
Cc: <email address hidden>, <email address hidden>,
 <email address hidden>
Subject: Re: Bug#340981: debian-installer and world writable directories

In , Joey Hess (joeyh) wrote : severity of 341173 is normal, merging 341173 338262 338263

# Automatically generated email from bts, devscripts version 2.9.8
severity 341173 normal
merge 341173 338262 338263

Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Mon, 28 Nov 2005 18:48:38 -0500
From: Joey Hess <email address hidden>
To: <email address hidden>
Subject: severity of 341173 is normal, merging 341173 338262 338263

In , Mikko Rapeli (mikko-rapeli-vtt) wrote : genext2fs CVS version fixes this well

I took the cvs version of genext2fs for a spin:

~/src/genext2fs-cvs_29112005$ mkdir -p foo/bar/xyz
~/src/genext2fs-cvs_29112005$ ls -ld foo/*
drwxr-xr-x 3 mikko mikko 1024 2005-11-29 12:06 foo/bar

~/src/genext2fs-cvs_29112005$ ./genext2fs -d foo -b 1000 -r 0 /tmp/foo.img
~/src/genext2fs-cvs_29112005$ sudo mount -o loop -t ext2 /tmp/foo.img /mnt/foo
~/src/genext2fs-cvs_29112005$ ls -ldR /mnt/foo/*
drwxr-xr-x 3 mikko mikko 1024 2005-11-29 12:06 /mnt/foo/bar
~/src/genext2fs-cvs_29112005$ ls -lR /mnt/foo/*
/mnt/foo/bar:
total 1
drwxr-xr-x 2 mikko mikko 1024 2005-11-29 12:06 xyz

/mnt/foo/bar/xyz:
total 0
~/src/genext2fs-cvs_29112005$ sudo umount /mnt/foo

~/src/genext2fs-cvs_29112005$ ./genext2fs --squash-uids --squash-perms -d foo -b 1000 -r 0 /tmp/foo2.img
~/src/genext2fs-cvs_29112005$ sudo mount -o loop -t ext2 /tmp/foo2.img /mnt/foo
~/src/genext2fs-cvs_29112005$ ls -ld /mnt/foo/bar
drwx------ 3 root root 1024 2005-11-29 12:06 /mnt/foo/bar
~/src/genext2fs-cvs_29112005$ ls -ld /mnt/foo/bar*
drwx------ 3 root root 1024 2005-11-29 12:06 /mnt/foo/bar
~/src/genext2fs-cvs_29112005$ ls -ld /mnt/foo/bar/xyz
ls: /mnt/foo/bar/xyz: Permission denied

So the --squash* options seem very handy to debian-installer for
example. It's been a while since genext2fs 1.3 release so perhaps this
cvs version could be uploaded to unstable?

-Mikko
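
The manual `ls -ld` comparison above can be scripted as a check on a built image. This is an added example, not part of the thread or of genext2fs: it compares permission bits between a build tree and a mounted image and lists world-writable entries. The sample tree in `demo` is constructed, and a chmod'ed copy stands in for the mounted image so the script runs without root.

```shell
#!/bin/sh
# Added illustration, not part of the thread: compare permission bits between
# a build tree and the mounted image made from it, and list world-writable
# entries. Paths are caller-supplied; demo() uses a constructed sample tree.

# Print "perms<TAB>path" for every entry under directory $1 (paths relative).
list_modes() {
    ( cd "$1" || exit 2
      find . | while IFS= read -r p; do
          printf '%s\t%s\n' "$(ls -ld "$p" | cut -c1-10)" "$p"
      done )
}

# Print "path: tree-perms -> image-perms" for entries whose modes differ.
mode_drift() {
    drift_a=$(mktemp) && drift_b=$(mktemp) || return 2
    list_modes "$1" > "$drift_a"
    list_modes "$2" > "$drift_b"
    awk -F '\t' 'NR == FNR { m[$2] = $1; next }
                 ($2 in m) && m[$2] != $1 { print $2 ": " m[$2] " -> " $1 }' \
        "$drift_a" "$drift_b" | sort
    rm -f "$drift_a" "$drift_b"
}

# List files and directories under $1 that are writable by "other".
# Sticky directories (the /tmp pattern) are skipped; symlinks are ignored.
world_writable() {
    ( cd "$1" && find . \( -type d -o -type f \) -perm -0002 ! -perm -1000 ) | sort
}

demo() {
    demo_dir=$(mktemp -d) || return 1
    mkdir -p "$demo_dir/tree/var/lib/cdebconf"
    : > "$demo_dir/tree/var/lib/cdebconf/questions.dat"
    find "$demo_dir/tree" -type d -exec chmod 755 {} +
    find "$demo_dir/tree" -type f -exec chmod 644 {} +
    # Stand-in for a mounted image built by the affected genext2fs:
    # every directory 777, every file 666, as reported in the thread.
    cp -a "$demo_dir/tree" "$demo_dir/image"
    find "$demo_dir/image" -type d -exec chmod 777 {} +
    find "$demo_dir/image" -type f -exec chmod 666 {} +
    echo "mode drift (tree -> image):"; mode_drift "$demo_dir/tree" "$demo_dir/image"
    echo "world-writable in image:";   world_writable "$demo_dir/image"
    rm -rf "$demo_dir"
}

demo
```

Against a real image, pass the build tree and the loop-mount point (for example `/mnt/foo` from the session above) to `mode_drift`. Empty output from both functions means the modes were preserved and nothing is world writable.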

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Tue, 29 Nov 2005 12:31:48 +0200
From: Mikko Rapeli <email address hidden>
To: <email address hidden>
CC: <email address hidden>
Subject: genext2fs CVS version fixes this well

In , David Kimdon (dwhedon) wrote : Bug#341173: fixed in genext2fs 1.3-8

Source: genext2fs
Source-Version: 1.3-8

We believe that the bug you reported is fixed in the latest version of
genext2fs, which is due to be installed in the Debian FTP archive:

genext2fs_1.3-8.diff.gz
  to pool/main/g/genext2fs/genext2fs_1.3-8.diff.gz
genext2fs_1.3-8.dsc
  to pool/main/g/genext2fs/genext2fs_1.3-8.dsc
genext2fs_1.3-8_powerpc.deb
  to pool/main/g/genext2fs/genext2fs_1.3-8_powerpc.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Kimdon <email address hidden> (supplier of updated genext2fs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 29 Nov 2005 11:12:31 -0800
Source: genext2fs
Binary: genext2fs
Architecture: source powerpc
Version: 1.3-8
Distribution: unstable
Urgency: low
Maintainer: David Kimdon <email address hidden>
Changed-By: David Kimdon <email address hidden>
Description:
 genext2fs - ext2 filesystem generator for embedded systems
Closes: 258661 341173
Changes:
 genext2fs (1.3-8) unstable; urgency=low
 .
   * Update to upstream cvs as of 29-11-2005. This is similar to what 1.4
     will be.
     Preserve permissions. (Closes: #341173)
     Create lost+found (Closes: #258661)
Files:
 986f6df0d3ba158bbb75f1e8cf7753b1 563 admin optional genext2fs_1.3-8.dsc
 25e985feb7ce23a1bf63c0f99a659ab3 27695 admin optional genext2fs_1.3-8.diff.gz
 2e129a4f0cbec6d14ba556f441d1d4f9 22672 admin optional genext2fs_1.3-8_powerpc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDjH5BST1m+6jv1gMRAvbOAJ90HAP++LWdqSCBr7x9Sea2FrZ8fgCcCZ/w
3+0d3baEgJ+AJil2RYwDkKM=
=0+mU
-----END PGP SIGNATURE-----

Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Tue, 29 Nov 2005 08:32:08 -0800
From: David Kimdon <email address hidden>
To: <email address hidden>
Subject: Bug#341173: fixed in genext2fs 1.3-8

Matt Zimmerman (mdz) wrote :

Fixed in 1.3-8 and later:

 genext2fs | 1.3-8ubuntu1 | http://us.archive.ubuntu.com dapper/main Packages

Changed in genext2fs:
status: Unconfirmed → Fix Released