pathconf() does not reflect reality

Bug #885744 reported by Kees Cook on 2011-11-03
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
eCryptfs
High
Tyler Hicks
linux (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned
Maverick
Undecided
Unassigned
Natty
Undecided
Unassigned
Oneiric
Undecided
Unassigned
Precise
Undecided
Unassigned

Bug Description

In the face of letting a program discover what the maximum length of a filename is on an eCryptfs mount point, the pathconf() routine appears to lie:

kees@sec-oneiric-amd64:~/Private$ mount | grep $(pwd)
/home/kees/.Private on /home/kees/Private type ecryptfs (ecryptfs_check_dev_ruid,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs,ecryptfs_sig=...,ecryptfs_fnek_sig=...)

kees@sec-oneiric-amd64:~/Private$ getconf NAME_MAX .
255

kees@sec-oneiric-amd64:~/Private$ for i in $(seq 1 $(getconf NAME_MAX .)); do touch $(perl -e 'print "A" x '"$i"';') || { echo failed: $i; break; }; done
touch: cannot touch `AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA': File name too long
failed: 144

Changed in ecryptfs:
status: New → Triaged
importance: Undecided → High
assignee: nobody → Tyler Hicks (tyhicks)
Tyler Hicks (tyhicks) wrote :

Thanks again, Kees. Note to myself:

statfs(".", {f_type="EXT2_SUPER_MAGIC", f_bsize=4096, f_blocks=18226758, f_bfree=5764244, f_bavail=4838356, f_files=4636672, f_ffree=3988217, f_fsid={-1849260021, -1854857501}, f_namelen=255, f_frsize=4096}) = 0

ecryptfs_statfs() does several wrong things, f_namelen being one of those.

Tyler Hicks (tyhicks) on 2011-12-20
Changed in ecryptfs:
status: Triaged → In Progress
Tyler Hicks (tyhicks) wrote :

A fix for this bug has been sent out for comments and iterated upon:

http://article.gmane.org/gmane.comp.file-systems.ecryptfs.general/52

Linus has said he'd prefer it go into 3.3:

http://article.gmane.org/gmane.comp.file-systems.ecryptfs.general/64

So, it will live in the eCryptfs linux-next branch until the 3.3 merge window opens.

Tim Gardner (timg-tpi) wrote :

UBUNTU: SAUCE: eCryptfs: Improve statfs reporting

Changed in linux (Ubuntu Precise):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.2.0-8.14

---------------
linux (3.2.0-8.14) precise; urgency=low

  [ Andy Whitcroft ]

  * [Config] enable CONFIG_SND_USB_6FIRE
    - LP: #912197
  * rebase to mainline v3.2 final release
  * updateconfigs following rebase to v3.2 final
  * ubuntu: AUFS -- add BOM and automated update script
  * ubuntu: AUFS -- include the aufs_types.h file in linux-libc-headers
    - LP: #684666
  * ubuntu: AUFS -- update aufs-update to track new locations of headers
  * ubuntu: AUFS -- clean up the aufs updater and BOM
  * ubuntu: AUFS -- documentation on updating aufs2
  * ubuntu: AUFS -- aufs3-base.patch
  * ubuntu: AUFS -- aufs3-standalone.patch
  * ubuntu: AUFS -- fix undefined __devcgroup_inode_permission
  * ubuntu: AUFS -- fix undefined security_path_link
  * ubuntu: AUFS -- update to 4cf5db36bcd9748e8e7270022f295f84d1fc2245
  * ubuntu: AUFS -- updateconfigs following update
  * ubuntu: AUFS -- suppress benign plink warning messages
    - LP: #621195
  * ubuntu: AUFS -- enable in config and makefile
  * ubuntu: AUFS -- disable in favor of overlayfs
  * [Config] linux-virtual -- should include the extX modules
    - LP: #912308

  [ Tyler Hicks ]

  * SAUCE: eCryptfs: Improve statfs reporting
    - LP: #885744

  [ Upstream Kernel Changes ]

  * rebase to upstream v3.2
 -- Leann Ogasawara <email address hidden> Mon, 26 Dec 2011 20:24:30 -0800

Changed in linux (Ubuntu Precise):
status: Fix Committed → Fix Released
Colin Ian King (colin-king) wrote :

SRU justification:

Impact:

statfs() calls on eCryptfs files returned the wrong filesystem type and,
when using filename encryption, the wrong maximum filename length.

If mount-wide filename encryption is enabled, the cipher block size and
the lower filesystem's max filename length will determine the max
eCryptfs filename length. Pre-tested, known good lengths are used when
the lower filesystem's namelen is 255 and a cipher with 8 or 16 byte
block sizes is used. In other, less common cases, we fall back to a safe
rounded-down estimate when determining the eCryptfs namelen.

Fix:

Backport of upstream commit 4a26620df451ad46151ad21d711ed43e963c004e

Testcase:

http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/640
http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/625
[ see test: tests/kernel/lp-885744 ]

Tim Gardner (timg-tpi) on 2012-03-14
Changed in linux (Ubuntu Lucid):
status: New → Fix Committed
Tim Gardner (timg-tpi) on 2012-03-14
Changed in linux (Ubuntu Oneiric):
status: New → Fix Committed
Changed in linux (Ubuntu Natty):
status: New → Fix Committed
Colin Ian King (colin-king) wrote :

verified on 2.6.38-14.58 -proposed with ext2, ext3, ext4, xfs, btrfs lower file systems.

tags: added: verification-done-natty
Luis Henriques (henrix) wrote :

This bug is awaiting verification that the kernel for Lucid in -proposed solves the problem (2.6.32-41.88). Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-lucid' to 'verification-done-lucid'.

If verification is not done by one week from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-lucid
Luis Henriques (henrix) wrote :

This bug is awaiting verification that the kernel for Oneiric in -proposed solves the problem ( 3.0.0-18.31). Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-oneiric' to 'verification-done-oneiric'.

If verification is not done by one week from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-oneiric
Tim Gardner (timg-tpi) on 2012-04-02
Changed in linux (Ubuntu Maverick):
status: New → Won't Fix
Colin Ian King (colin-king) wrote :

verified on lucid 2.6.32-41.88 -proposed with ext2, ext3, ext4, xfs lower file systems.

tags: added: verification-done-lucid
removed: verification-needed-lucid
Colin Ian King (colin-king) wrote :

verified on oneiric 3.0.0-18.31 -proposed with ext2, ext3, ext4, xfs, btrfs lower file systems.

tags: added: verification-done-oneiric
removed: verification-needed-oneiric
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.38-14.58

---------------
linux (2.6.38-14.58) natty-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #965346

  [ Andy Whitcroft ]

  * [Config] restore build-% shortcut

  [ Upstream Kernel Changes ]

  * eCryptfs: Make truncate path killable
    - LP: #947270
  * bsg: fix sysfs link remove warning
    - LP: #946928
  * regset: Prevent null pointer reference on readonly regsets
    - LP: #949905
    - CVE-2012-1097
  * regset: Return -EFAULT, not -EIO, on host-side memory fault
    - LP: #949905
    - CVE-2012-1097
  * mm: memcg: Correct unregistring of events attached to the same eventfd
    - LP: #952828
    - CVE-2012-1146
  * KVM: Remove ability to assign a device without iommu support
    - LP: #897812
    - CVE-2011-4347
  * eCryptfs: Copy up lower inode attrs after setting lower xattr
  * eCryptfs: Handle failed metadata read in lookup
    - LP: #509180
  * eCryptfs: Improve statfs reporting
    - LP: #885744
  * KVM: x86: extend "struct x86_emulate_ops" with "get_cpuid"
    - LP: #917842
    - CVE-2012-0045
  * KVM: x86: fix missing checks in syscall emulation
    - LP: #917842
    - CVE-2012-0045
 -- Luis Henriques <email address hidden> Mon, 26 Mar 2012 15:28:22 +0100

Changed in linux (Ubuntu Natty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (4.8 KiB)

This bug was fixed in the package linux - 2.6.32-41.88

---------------
linux (2.6.32-41.88) lucid-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #966443

  [ Andy Whitcroft ]

  * [Config] restore build-% shortcut

  [ Tim Gardner ]

  * SAUCE: ubuntu drivers: use UMH_WAIT_PROC consistently
    - LP: #963685

  [ Upstream Kernel Changes ]

  * Revert "Revert "USB: xhci - fix unsafe macro definitions""
    - LP: #948139
  * Revert "Revert "USB: xhci - fix math in xhci_get_endpoint_interval()""
    - LP: #948139
  * Revert "Revert "xhci: Fix full speed bInterval encoding.""
    - LP: #948139
  * bsg: fix sysfs link remove warning
    - LP: #946928
  * hwmon: (f75375s) Fix bit shifting in f75375_write16
    - LP: #948139
  * lib: proportion: lower PROP_MAX_SHIFT to 32 on 64-bit kernel
    - LP: #948139
  * relay: prevent integer overflow in relay_open()
    - LP: #948139
  * mac80211: timeout a single frame in the rx reorder buffer
    - LP: #948139
  * kernel.h: fix wrong usage of __ratelimit()
    - LP: #948139
  * printk_ratelimited(): fix uninitialized spinlock
    - LP: #948139
  * hwmon: (f75375s) Fix automatic pwm mode setting for F75373 & F75375
    - LP: #948139
  * crypto: sha512 - Use binary and instead of modulus
    - LP: #948139
  * crypto: sha512 - Avoid stack bloat on i386
    - LP: #948139
  * crypto: sha512 - use standard ror64()
    - LP: #948139
  * SCSI: 3w-9xxx fix bug in sgl loading
    - LP: #948139
  * ARM: 7321/1: cache-v7: Disable preemption when reading CCSIDR
    - LP: #948139
  * ARM: 7325/1: fix v7 boot with lockdep enabled
    - LP: #948139
  * USB: Added Kamstrup VID/PIDs to cp210x serial driver.
    - LP: #948139
  * USB: Fix handoff when BIOS disables host PCI device.
    - LP: #948139
  * xhci: Fix encoding for HS bulk/control NAK rate.
    - LP: #948139
  * hdpvr: fix race conditon during start of streaming
    - LP: #948139
  * cdrom: use copy_to_user() without the underscores
    - LP: #948139
  * autofs: work around unhappy compat problem on x86-64
    - LP: #948139
  * Fix autofs compile without CONFIG_COMPAT
    - LP: #948139
  * compat: fix compile breakage on s390
    - LP: #948139
  * PM: Print a warning if firmware is requested when tasks are frozen
    - LP: #948139
  * firmware loader: allow builtin firmware load even if usermodehelper is
    disabled
    - LP: #948139
  * PM / Sleep: Fix freezer failures due to racy
    usermodehelper_is_disabled()
    - LP: #948139
  * PM / Sleep: Fix read_unlock_usermodehelper() call.
    - LP: #948139
  * Linux 2.6.32.58
    - LP: #948139
  * regset: Prevent null pointer reference on readonly regsets
    - LP: #949905
    - CVE-2012-1097
  * regset: Return -EFAULT, not -EIO, on host-side memory fault
    - LP: #949905
    - CVE-2012-1097
  * KVM: Remove ability to assign a device without iommu support
    - LP: #897812
    - CVE-2011-4347
  * eCryptfs: Copy up lower inode attrs after setting lower xattr
  * eCryptfs: Improve statfs reporting
    - LP: #885744
  * drm/i915: no lvds quirk for AOpen MP45
    - LP: #955078
  * drm/radeon/kms: fix MSI re-arm on rv370+
    - LP: #955078
  * Linux 2.6.32.58+drm33.24
    - LP: #955078
  ...

Read more...

Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (24.1 KiB)

This bug was fixed in the package linux - 3.0.0-19.33

---------------
linux (3.0.0-19.33) oneiric-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #985736

  [ Luis Henriques ]

  * SAUCE: ite-cir: postpone ISR registration
    - LP: #984387

linux (3.0.0-19.32) oneiric-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #974368

  [ Brad Figg ]

  * SAUCE (no-up) Provide a param for allowing the BIOS to handle changing
    the brightness on AC/battery status changes.
    - LP: #949311
  * SAUCE (no-up) Quirk for enabling backlight hotkeys on Samsung N150P
    - LP: #875893

  [ Daniel Vetter ]

  * SAUCE: (drop after 3.5) drm/i915: reinstate GM45 TV detection fix
    - LP: #638939

  [ Herton Ronaldo Krzesinski ]

  * SAUCE: (no-up) Reinstate missing hunk from nx emulation
    - LP: #972821

  [ Tim Gardner ]

  * SAUCE: ubuntu drivers: use UMH_WAIT_PROC consistently
    - LP: #963685
  * SAUCE: disable_nx should not be in __cpuinitdata section for X86_32
    - LP: #968233
  * SAUCE: (no-up) remove __initdata from vesafb_fix
    - LP: #969309

  [ Upstream Kernel Changes ]

  * usermodehelper: use UMH_WAIT_PROC consistently
    - LP: #963685
  * usermodehelper: introduce umh_complete(sub_info)
    - LP: #963685
  * usermodehelper: implement UMH_KILLABLE
    - LP: #963685
  * usermodehelper: kill umh_wait, renumber UMH_* constants
    - LP: #963685
  * usermodehelper: ____call_usermodehelper() doesn't need do_exit()
    - LP: #963685
  * kmod: introduce call_modprobe() helper
    - LP: #963685
  * kmod: make __request_module() killable
    - LP: #963685
  * x86, tsc: Fix SMI induced variation in quick_pit_calibrate()
    - LP: #965586
  * ata_piix: Add Toshiba Satellite Pro A120 to the quirks list due to
    broken suspend functionality.
    - LP: #886850
  * ACPICA: Fix regression in FADT revision checks
    - LP: #883441
  * ASPM: Fix pcie devices with non-pcie children
    - LP: #961482
  * USB: option: Add MediaTek MT6276M modem&app interfaces
    - LP: #971808
  * USB: option driver: adding support for Telit CC864-SINGLE, CC864-DUAL
    and DE910-DUAL modems
    - LP: #971808
  * USB: option: make interface blacklist work again
    - LP: #971808
  * USB: option: add ZTE MF820D
    - LP: #971808
  * USB: ftdi_sio: fix problem when the manufacture is a NULL string
    - LP: #971808
  * USB: ftdi_sio: add support for BeagleBone rev A5+
    - LP: #971808
  * USB: Microchip VID mislabeled as Hornby VID in ftdi_sio.
    - LP: #971808
  * USB: ftdi_sio: new PID: Distortec JTAG-lock-pick
    - LP: #971808
  * USB: ftdi_sio: add support for FT-X series devices
    - LP: #971808
  * USB: ftdi_sio: new PID: LUMEL PD12
    - LP: #971808
  * powerpc/usb: fix bug of kernel hang when initializing usb
    - LP: #971808
  * usb: musb: Reselect index reg in interrupt context
    - LP: #971808
  * usb: gadgetfs: return number of bytes on ep0 read request
    - LP: #971808
  * USB: gadget: Make g_hid device class conform to spec.
    - LP: #971808
  * futex: Cover all PI opcodes with cmpxchg enabled check
    - LP: #971808
  * sysfs: Fix memory leak in sysfs_sd_setsecdata().
    - LP: #971808
  * tty: ...

Changed in linux (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Tyler Hicks (tyhicks) on 2012-05-08
Changed in ecryptfs:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers