Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 441570 - Kernel: btrfs: creates world writable files
Summary: Kernel: btrfs: creates world writable files
Status: RESOLVED OBSOLETE
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Kernel Security
URL: https://bugzilla.kernel.org/show_bug....
Whiteboard: [<3.8-rc1]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-11-03 13:05 UTC by Raimonds Cicans
Modified: 2018-04-04 18:24 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
emerge --info : affected system #1 (affected1,5.28 KB, text/plain)
2012-11-03 13:07 UTC, Raimonds Cicans
no flags Details
emerge --info : affected system #2 (affected2,8.99 KB, text/plain)
2012-11-03 13:07 UTC, Raimonds Cicans
no flags Details
emerge --info : not affected system (not_affected,5.58 KB, text/plain)
2012-11-03 13:08 UTC, Raimonds Cicans
no flags Details
Test program in C: creates 1000000 empty files (mkfiles.c,206 bytes, text/plain)
2012-11-20 15:16 UTC, Raimonds Cicans
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Raimonds Cicans 2012-11-03 13:05:03 UTC
On 2 systems out of 3 file /usr/lib64/thunderbird/libxul.so from package  mail-client/thunderbird-10.0.9 have permissions 0777.

It looks previous versions of mail-client/thunderbird are not affected.
Comment 1 Raimonds Cicans 2012-11-03 13:07:05 UTC
Created attachment 328208 [details]
emerge --info : affected system #1
Comment 2 Raimonds Cicans 2012-11-03 13:07:36 UTC
Created attachment 328210 [details]
emerge --info : affected system #2
Comment 3 Raimonds Cicans 2012-11-03 13:08:12 UTC
Created attachment 328212 [details]
emerge --info : not affected system
Comment 4 Raimonds Cicans 2012-11-03 16:20:59 UTC
Same problem with www-client/firefox-10.0.9:/usr/lib64/firefox/libxul.so
Comment 5 Sean Amoss (RETIRED) gentoo-dev Security 2012-11-13 00:09:38 UTC
@mozilla, can you please look into this?
Comment 6 Ian Stakenvicius (RETIRED) gentoo-dev 2012-11-13 17:13:11 UTC
I can't reproduce it locally; libxul.so (and others) install with 0755

Is it possible that for some reason there's a non-standard umask on these affected systems?  Or something special with the filesystem (either in /var/tmp/portage or in /usr/lib64/[whatever] )?
Comment 7 Raimonds Cicans 2012-11-16 19:52:10 UTC
(In reply to comment #6)
> Is it possible that for some reason there's a non-standard umask on these
> affected systems?  Or something special with the filesystem (either in
> /var/tmp/portage or in /usr/lib64/[whatever] )?

Umask on all systems is 0022
$PORTAGE_TMPDIR on all systems reside on btrfs sub-volume with same permissions
/usr/lib64/[whatever] have same permissions on all systems
Comment 8 Raimonds Cicans 2012-11-16 19:55:02 UTC
Version 10.0.10 of thunderbird & firefox is also affected
Comment 9 Raimonds Cicans 2012-11-20 15:16:18 UTC
Created attachment 330086 [details]
Test program in C: creates 1000000 empty files

On one of affected systems i used tmpfs for $PORTAGE_TMPDIR instead of btrfs.
Thunderbird compiled without problems. 
So it looks problem is in btrfs.

I found one simple test case: when create large amount of empty files some files get world writable permissions.

To test this case I attached simple C program which create 1000000 empty files.
Short instructions:
gcc -O2 mkfiles.c
umask 0022
./a.out
find . -type f -perm -g+w | wc -l

Last command on non affected system should return 0.

Affected kernels:
3.4.2-hardened
3.5.4-hardened-r1
3.6.6-gentoo

What should I do next with this bug? Should I report this upstream?
Comment 10 Raimonds Cicans 2012-11-21 17:33:09 UTC
(In reply to comment #9)

Posted this bug on Linux kernel bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=50861
Comment 11 Ian Stakenvicius (RETIRED) gentoo-dev 2012-11-21 17:35:54 UTC
(In reply to comment #10)
> (In reply to comment #9)
> 
> Posted this bug on Linux kernel bugzilla:
> https://bugzilla.kernel.org/show_bug.cgi?id=50861

Thanks for reporting upstream.  Since it is apparently not thunderbird related (just happens to be triggered by TB), un-CC'ing mozilla.
Comment 12 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-04-04 18:24:39 UTC
There are no longer any 2.x or <3.6.6 kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.