Bug 700020

Summary: app-arch/cpio-2.13 --no-absolute-filenames mangles symlinks
Product: Gentoo Linux
Component: Current packages
Reporter: Anton Gubarkov <anton.gubarkov>
Assignee: Gentoo's Team for Core System packages <base-system>
Status: RESOLVED FIXED
Severity: normal
Priority: Normal
CC: alexander, chutzpah, floppym, sam
Keywords: PMASKED
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:
Bug Blocks: 699456
Attachments: dracut screen, rdsosreport

Description Anton Gubarkov 2019-11-13 16:02:53 UTC
I use root on ZFS and use dracut to import my root dataset.

Starting from 5.2.20 I can't reboot my laptop normally. When the system finishes bringing itself down and the only thing that is left is reboot, I'm dropped to a shell with a message that the reboot command is not available.

I tried to research the issue myself and here is what lsinitrd gives me.

PF16W6Y2 /usr/src/linux # lsinitrd /boot/initramfs-5.3.11-gentoo.img |grep reboot
lrwxrwxrwx   1 root     root           13 Nov 13 18:53 lib/systemd/system/ctrl-alt-del.target -> reboot.target
-rw-r--r--   1 root     root          583 Sep  3 12:27 lib/systemd/system/reboot.target
-rw-r--r--   1 root     root          551 Sep  3 12:27 lib/systemd/system/systemd-reboot.service
lrwxrwxrwx   1 root     root           16 Nov 13 18:53 sbin/reboot -> ../bin/systemctl
Comment 1 Anton Gubarkov 2019-11-13 16:12:05 UTC
I tried to reboot to older kernels/initramfs (from Aug 2019) that were working fine, and I noticed that they also have this problem.
Comment 2 Anton Gubarkov 2019-11-13 16:17:49 UTC
Created attachment 596004
dracut screen
Comment 3 Anton Gubarkov 2019-11-13 16:19:24 UTC
Created attachment 596006
rdsosreport
Comment 4 Alexander Tsoy 2019-11-14 16:03:21 UTC
Yes, I can reproduce this with app-arch/cpio-2.13. CCing @base-system

* cpio-2.12-r1:

$ sudo rm -rf -- /run/initramfs/* && sudo touch /run/initramfs/.need_shutdown
$ sudo LANG=C /usr/lib/dracut/dracut-initramfs-restore 

gzip: stdin: not in gzip format
cpio: premature end of archive
$ LANG=C ls -l /run/initramfs/sbin/
total 2912
-rwxr-xr-x 1 root root  116632 Nov 14 19:02 blkid
-rwxr-xr-x 1 root root     770 Nov 14 19:02 crypt-run-generator
lrwxrwxrwx 1 root root      11 Nov 14 19:02 depmod -> ../bin/kmod
-r-xr-xr-x 1 root root   42872 Nov 14 19:02 dmeventd
-r-xr-xr-x 1 root root  154000 Nov 14 19:02 dmsetup
-rwxr-xr-x 1 root root   51112 Nov 14 19:02 fsck
-rwxr-xr-x 1 root root    1968 Nov 14 19:02 fsck.xfs
lrwxrwxrwx 1 root root      16 Nov 14 19:02 halt -> ../bin/systemctl
lrwxrwxrwx 1 root root      22 Nov 14 19:02 init -> ../lib/systemd/systemd
-rwxr-xr-x 1 root root    1163 Nov 14 19:02 initqueue
lrwxrwxrwx 1 root root      11 Nov 14 19:02 insmod -> ../bin/kmod
-rwxr-xr-x 1 root root     193 Nov 14 19:02 insmodpost.sh
-rwxr-xr-x 1 root root     492 Nov 14 19:02 loginit
-rwxr-xr-x 1 root root  108520 Nov 14 19:02 losetup
-r-xr-xr-x 1 root root 2135432 Nov 14 19:02 lvm
-rwxr-xr-x 1 root root    3527 Nov 14 19:02 lvm_scan
lrwxrwxrwx 1 root root      11 Nov 14 19:02 modprobe -> ../bin/kmod
-rwxr-xr-x 1 root root   14120 Nov 14 19:02 nologin
lrwxrwxrwx 1 root root      16 Nov 14 19:02 poweroff -> ../bin/systemctl
-rwxr-xr-x 1 root root    1346 Nov 14 19:02 rdsosreport
lrwxrwxrwx 1 root root      16 Nov 14 19:02 reboot -> ../bin/systemctl
lrwxrwxrwx 1 root root      11 Nov 14 19:02 rmmod -> ../bin/kmod
-rwxr-xr-x 1 root root   22384 Nov 14 19:02 swapoff
-rwxr-xr-x 1 root root    6052 Nov 14 19:02 tracekomem
-rwxr-xr-x 1 root root  281336 Nov 14 19:02 xfs_repair



* cpio-2.13:

$ sudo rm -rf -- /run/initramfs/* && sudo touch /run/initramfs/.need_shutdown
$ sudo LANG=C /usr/lib/dracut/dracut-initramfs-restore 

gzip: stdin: not in gzip format
cpio: premature end of archive
cpio: Removing leading `../' from hard link targets
cpio: Removing leading `/' from hard link targets
cpio: Removing leading `../../' from hard link targets
$ LANG=C ls -l /run/initramfs/sbin/
total 2912
-rwxr-xr-x 1 root root  116632 Nov 14 18:58 blkid
-rwxr-xr-x 1 root root     770 Nov 14 18:58 crypt-run-generator
lrwxrwxrwx 1 root root       8 Nov 14 18:58 depmod -> bin/kmod
-r-xr-xr-x 1 root root   42872 Nov 14 18:58 dmeventd
-r-xr-xr-x 1 root root  154000 Nov 14 18:58 dmsetup
-rwxr-xr-x 1 root root   51112 Nov 14 18:58 fsck
-rwxr-xr-x 1 root root    1968 Nov 14 18:58 fsck.xfs
lrwxrwxrwx 1 root root      13 Nov 14 18:58 halt -> bin/systemctl
lrwxrwxrwx 1 root root      19 Nov 14 18:58 init -> lib/systemd/systemd
-rwxr-xr-x 1 root root    1163 Nov 14 18:58 initqueue
lrwxrwxrwx 1 root root       8 Nov 14 18:58 insmod -> bin/kmod
-rwxr-xr-x 1 root root     193 Nov 14 18:58 insmodpost.sh
-rwxr-xr-x 1 root root     492 Nov 14 18:58 loginit
-rwxr-xr-x 1 root root  108520 Nov 14 18:58 losetup
-r-xr-xr-x 1 root root 2135432 Nov 14 18:58 lvm
-rwxr-xr-x 1 root root    3527 Nov 14 18:58 lvm_scan
lrwxrwxrwx 1 root root       8 Nov 14 18:58 modprobe -> bin/kmod
-rwxr-xr-x 1 root root   14120 Nov 14 18:58 nologin
lrwxrwxrwx 1 root root      13 Nov 14 18:58 poweroff -> bin/systemctl
-rwxr-xr-x 1 root root    1346 Nov 14 18:58 rdsosreport
lrwxrwxrwx 1 root root      13 Nov 14 18:58 reboot -> bin/systemctl
lrwxrwxrwx 1 root root       8 Nov 14 18:58 rmmod -> bin/kmod
-rwxr-xr-x 1 root root   22384 Nov 14 18:58 swapoff
-rwxr-xr-x 1 root root    6052 Nov 14 18:58 tracekomem
-rwxr-xr-x 1 root root  281336 Nov 14 18:58 xfs_repair
Comment 5 Larry the Git Cow gentoo-dev 2019-11-14 16:16:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b970f65cf4d322f6b265517c2d6436733de37abd

commit b970f65cf4d322f6b265517c2d6436733de37abd
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2019-11-14 16:15:55 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2019-11-14 16:15:55 +0000

    Revert "app-arch/cpio: arm64 stable (bug #699456)"
    
    This reverts commit 2b5ae3f07795864449f2d07859fdfd0433d3a021.
    
    Bug: https://bugs.gentoo.org/700020
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 app-arch/cpio/cpio-2.13.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=129584525d0aeb98551c4d53320932d684ebf2ed

commit 129584525d0aeb98551c4d53320932d684ebf2ed
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2019-11-14 16:15:24 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2019-11-14 16:15:24 +0000

    Revert "app-arch/cpio: x86 stable wrt bug #699456"
    
    This reverts commit 0321d4558c0fd573f8378e27b46d2a8cfd59d4cc.
    
    Bug: https://bugs.gentoo.org/700020
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 app-arch/cpio/cpio-2.13.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 6 Alexander Tsoy 2019-11-14 16:19:27 UTC
Exact commands executed by dracut-initramfs-restore.sh:
https://github.com/dracutdevs/dracut/blob/ff2043fb4244b0ba740724921e9667aad19f262a/dracut-initramfs-restore.sh#L28

Removing --no-absolute-filenames arg fixes this issue for me. But I don't think that stripping '../' from symlink target is expected behaviour even with --no-absolute-filenames.
Comment 7 Larry the Git Cow gentoo-dev 2019-11-14 16:28:46 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ff0c82b832d026085ef06fb3186f52d12d6ff7dc

commit ff0c82b832d026085ef06fb3186f52d12d6ff7dc
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2019-11-14 16:27:58 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2019-11-14 16:28:40 +0000

    package.mask: Masked =app-arch/cpio-2.13
    
    Bug: https://bugs.gentoo.org/700020
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 profiles/package.mask | 6 ++++++
 1 file changed, 6 insertions(+)
Comment 8 Alexander Tsoy 2019-11-14 16:53:39 UTC
(In reply to Alexander Tsoy from comment #6)
> Removing --no-absolute-filenames arg fixes this issue for me. But I don't
> think that stripping '../' from symlink target is expected behaviour even
> with --no-absolute-filenames.
Looks like this is exactly what the fix for CVE-2015-1197 is doing.
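
Added example (not part of the bug report and not cpio's code): a Python model of the behaviour shown in comments 4 to 8, contrasting prefix stripping of symlink targets with a lexical containment check relative to the link's own directory. The function names and the two entries marked "constructed" are assumptions; `strip_prefixes` only reproduces the result visible in the 2.13 listing above.

```python
import posixpath

# Sample (link path, symlink target) pairs taken from the listings in this bug,
# plus two constructed entries that really do point outside the tree.
SAMPLE_LINKS = [
    ("sbin/reboot", "../bin/systemctl"),
    ("sbin/init", "../lib/systemd/systemd"),
    ("lib/systemd/system/ctrl-alt-del.target", "reboot.target"),
    ("sbin/escape", "../../etc/passwd"),   # constructed: climbs above the root
    ("sbin/abs", "/bin/sh"),               # constructed: absolute target
]

def strip_prefixes(target):
    """Model of the 2.13 result seen above: drop leading '/' and '../'."""
    while True:
        if target.startswith("../"):
            target = target[3:]
        elif target.startswith("/"):
            target = target[1:]
        else:
            return target

def resolve(link, target):
    """Where the link points, as a path relative to the extraction root.

    Lexical only: assumes no directory on the way is itself a symlink.
    Returns None if the target is absolute or climbs above the root."""
    if target.startswith("/"):
        return None
    joined = posixpath.normpath(posixpath.join(posixpath.dirname(link), target))
    if joined == ".." or joined.startswith("../"):
        return None
    return joined

def audit(links):
    """Per link: is the original target contained in the root, and would
    prefix stripping change where a contained link points?"""
    report = {}
    for link, target in links:
        wanted = resolve(link, target)
        got = resolve(link, strip_prefixes(target))
        report[link] = {"contained": wanted is not None,
                        "mangled": wanted is not None and got != wanted}
    return report

if __name__ == "__main__":
    for link, result in audit(SAMPLE_LINKS).items():
        print(link, result)
```

Run against the sample, `sbin/reboot` is reported as contained but mangled (it would resolve to `sbin/bin/systemctl`), while only the two constructed entries fail the containment check.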
Comment 9 Jimmy.Jazz 2019-11-15 18:35:08 UTC
Probably off topic but I had to patch kernel usr/Makefile to generate a valid initramfs. I took some time to figure it out.

--- usr/Makefile.orig	2017-02-19 23:34:00.000000000 +0100
+++ usr/Makefile	2017-02-22 23:44:24.554921038 +0100
@@ -43,7 +43,7 @@
 targets := $(datafile_y)
 
 # do not try to update files included in initramfs
-$(deps_initramfs): ;
+$(deps_initramfs): ; 
 
 $(deps_initramfs): klibcdirs
 # We rebuild initramfs_data.cpio if:
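Review bot: The only change in this hunk is on the `$(deps_initramfs): ;` line, where the new version adds a trailing space after the `;`. That has no effect on the empty recipe and looks like an editor artifact; drop this hunk so the patch carries only the functional change to the `$(datafile_d_y)` rule.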
@@ -52,5 +52,6 @@
 # 3) If gen_init_cpio are newer than initramfs_data.cpio
 # 4) arguments to gen_initramfs.sh changes
 $(obj)/$(datafile_y): $(obj)/gen_init_cpio $(deps_initramfs) klibcdirs
-	$(Q)$(initramfs) -l $(ramfs-input) > $(obj)/$(datafile_d_y)
+	$(Q)$(initramfs) -l $(ramfs-input) | \
+	sed '2,$$s/:/\\:/g' > $(obj)/$(datafile_d_y)
 	$(call if_changed,initfs)
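Review bot: In the `$(obj)/$(datafile_y)` recipe, piping `$(initramfs) -l $(ramfs-input)` into `sed` makes the recipe's exit status that of `sed`, so a failing `$(initramfs)` run would go unnoticed and leave a partial `$(datafile_d_y)` behind. Consider writing the list to a temporary file and running `sed` on it as a separate command, and add a comment above the rule saying why colons are escaped from line 2 onward (`2,$$s/:/\\:/g`), since the patch does not state the reason.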
Comment 10 Mike Gilbert gentoo-dev 2019-11-15 19:29:35 UTC
(In reply to Jimmy.Jazz from comment #9)

Yes, that is completely off-topic.
Comment 11 Mike Gilbert gentoo-dev 2019-11-15 20:18:55 UTC
Sent mail to cpio upstream.

https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00013.html
Comment 12 Mike Gilbert gentoo-dev 2019-11-19 21:50:33 UTC
Upstream confirms this is a bug, and is working on a fix.

In the meantime, they suggested reverting this commit:

https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=45b0ee2b407913c533f7ded8d6f8cbeec16ff6ca
Comment 13 Larry the Git Cow gentoo-dev 2022-10-18 18:41:28 UTC Comment hidden (obsolete)
Comment 14 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-10-18 18:58:39 UTC
Oh my. This bit isn't fixed.
Comment 15 Larry the Git Cow gentoo-dev 2022-10-18 19:12:28 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a52ec56f85b11ee1faceddac7874666ad6d2b164

commit a52ec56f85b11ee1faceddac7874666ad6d2b164
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-10-18 19:11:52 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-10-18 19:12:00 +0000

    app-arch/cpio: revert CVE-2015-1197 fix for --no-absolute-filenames
    
    At least we can have the fix for CVE-2021-38185.
    
    Bug: https://bugs.gentoo.org/699456
    Bug: https://bugs.gentoo.org/807088
    Closes: https://bugs.gentoo.org/700020
    Signed-off-by: Sam James <sam@gentoo.org>

 .../{cpio-2.13-r1.ebuild => cpio-2.13-r2.ebuild}   |  1 +
 ...e-filenames-revert-CVE-2015-1197-handling.patch | 47 ++++++++++++++++++++++
 2 files changed, 48 insertions(+)
Comment 16 eslerm 2024-01-04 22:26:40 UTC
Upstream patches are now available: openwall[dot]com/lists/oss-security/2023/12/21/8

(my account is too new to post the link)
Comment 17 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-01-05 08:03:10 UTC
(In reply to eslerm from comment #16)
> Upstream patches are now available:
> openwall[dot]com/lists/oss-security/2023/12/21/8
> 
> (my account is too new to post the link)

I think this is all handled already - see bug 699456, i.e. 2.14 should be OK?