Summary: | Kernel: btrfs: creates world writable files | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Raimonds Cicans <ray> | ||||||||||
Component: | Kernel | Assignee: | Gentoo Kernel Security <security-kernel> | ||||||||||
Status: | RESOLVED OBSOLETE | ||||||||||||
Severity: | normal | CC: | ray | ||||||||||
Priority: | Normal | ||||||||||||
Version: | unspecified | ||||||||||||
Hardware: | All | ||||||||||||
OS: | Linux | ||||||||||||
URL: | https://bugzilla.kernel.org/show_bug.cgi?id=50861 | ||||||||||||
Whiteboard: | [<3.8-rc1] | ||||||||||||
Package list: | Runtime testing required: | --- | |||||||||||
Attachments: |
|
Description
Raimonds Cicans
2012-11-03 13:05:03 UTC
Created attachment 328208 [details]
emerge --info : affected system #1
Created attachment 328210 [details]
emerge --info : affected system #2
Created attachment 328212 [details]
emerge --info : not affected system
Same problem with www-client/firefox-10.0.9:/usr/lib64/firefox/libxul.so @mozilla, can you please look into this? I can't reproduce it locally; libxul.so (and others) install with 0755 Is it possible that for some reason there's a non-standard umask on these affected systems? Or something special with the filesystem (either in /var/tmp/portage or in /usr/lib64/[whatever] )? (In reply to comment #6) > Is it possible that for some reason there's a non-standard umask on these > affected systems? Or something special with the filesystem (either in > /var/tmp/portage or in /usr/lib64/[whatever] )? Umask on all systems is 0022 $PORTAGE_TMPDIR on all systems reside on btrfs sub-volume with same permissions /usr/lib64/[whatever] have same permissions on all systems Version 10.0.10 of thunderbird & firefox is also affected Created attachment 330086 [details]
Test program in C: creates 1000000 empty files
On one of affected systems i used tmpfs for $PORTAGE_TMPDIR instead of btrfs.
Thunderbird compiled without problems.
So it looks problem is in btrfs.
I found one simple test case: when create large amount of empty files some files get world writable permissions.
To test this case I attached simple C program which create 1000000 empty files.
Short instructions:
gcc -O2 mkfiles.c
umask 0022
./a.out
find . -type f -perm -g+w | wc -l
Last command on non affected system should return 0.
Affected kernels:
3.4.2-hardened
3.5.4-hardened-r1
3.6.6-gentoo
What should I do next with this bug? Should I report this upstream?
(In reply to comment #9) Posted this bug on Linux kernel bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=50861 (In reply to comment #10) > (In reply to comment #9) > > Posted this bug on Linux kernel bugzilla: > https://bugzilla.kernel.org/show_bug.cgi?id=50861 Thanks for reporting upstream. Since it is apparently not thunderbird related (just happens to be triggered by TB), un-CC'ing mozilla. There are no longer any 2.x or <3.6.6 kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security. |