[Bug 1051901] [NEW] Files hardlinked to others may be set to zero size

Thomas Schweikle 1051901 at bugs.launchpad.net
Mon Sep 17 10:46:25 UTC 2012 

Public bug reported:

Install Ubuntu 12.04, then upgrade to the latest kernel-image. Create a
filesystem like:

mkdir orig

move various picture files into "orig", then do

ln orig/* .

now you'll have a directory with the original files in "orig" and
hardlinked copies in "."

Next start up digikam, work on these hardlinked pictures: change them,
add or delete comments, upload them ...

Next step: run

find . -size 0

You'll find all pictures you've worked on in "orig" to show up with size
0!

The original data contained in these is lost. No recover. The files are
actually of zero size! It is not only digicam, but others to: as soon as
a file is read, and then overwritten, all not opened hardlinked files
show zero size. Only the one file you've opened keeps its size and holds
data.

I've found this behaviour with:
- digikam
- rsync
- kate

I am assuming the kernel not korrectly handling hardlinks under certain
circumstances.

Only possible workaround at the moment: do not use hardlinks! Copy
files!

The bug may be used to zero out configuration files and, if they are
empty gain access to things no access was granted, if you do

ln /etc/configfile /home/user/configfile

then work on /home/user/configfile. /etc/configfile will, after this
operation, have size 0 and hold nothing. It is at least possible to use
it for denial of service, if services depend on configfiles and do not
accept empty ones.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: bash 4.2-2ubuntu2
Uname: Linux 3.4.10 x86_64
ApportVersion: 2.0.1-0ubuntu13
Architecture: amd64
Date: Mon Sep 17 12:29:14 2012
InstallationMedia: Xubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
ProcEnviron:
 LANGUAGE=de_DE:en
 TERM=screen-bce
 PATH=(custom, user)
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
SourcePackage: bash
UpgradeStatus: Upgraded to precise on 2012-07-16 (62 days ago)
modified.conffile..etc.bash.bashrc: [modified]
modified.conffile..etc.skel..bashrc: [modified]
mtime.conffile..etc.bash.bashrc: 2012-07-16T19:54:47.049684
mtime.conffile..etc.skel..bashrc: 2012-07-16T19:42:08.188571

** Affects: bash (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug precise

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1051901

Title:
  Files hardlinked to others may be set to zero size

Status in “bash” package in Ubuntu:
  New

Bug description:
  Install Ubuntu 12.04, then upgrade to the latest kernel-image. Create
  a filesystem like:

  mkdir orig

  move various picture files into "orig", then do

  ln orig/* .

  now you'll have a directory with the original files in "orig" and
  hardlinked copies in "."

  Next start up digikam, work on these hardlinked pictures: change them,
  add or delete comments, upload them ...

  Next step: run

  find . -size 0

  You'll find all pictures you've worked on in "orig" to show up with
  size 0!

  The original data contained in these is lost. No recover. The files
  are actually of zero size! It is not only digicam, but others to: as
  soon as a file is read, and then overwritten, all not opened
  hardlinked files show zero size. Only the one file you've opened keeps
  its size and holds data.

  I've found this behaviour with:
  - digikam
  - rsync
  - kate

  I am assuming the kernel not korrectly handling hardlinks under
  certain circumstances.

  Only possible workaround at the moment: do not use hardlinks! Copy
  files!

  The bug may be used to zero out configuration files and, if they are
  empty gain access to things no access was granted, if you do

  ln /etc/configfile /home/user/configfile

  then work on /home/user/configfile. /etc/configfile will, after this
  operation, have size 0 and hold nothing. It is at least possible to
  use it for denial of service, if services depend on configfiles and do
  not accept empty ones.

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: bash 4.2-2ubuntu2
  Uname: Linux 3.4.10 x86_64
  ApportVersion: 2.0.1-0ubuntu13
  Architecture: amd64
  Date: Mon Sep 17 12:29:14 2012
  InstallationMedia: Xubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
  ProcEnviron:
   LANGUAGE=de_DE:en
   TERM=screen-bce
   PATH=(custom, user)
   LANG=de_DE.UTF-8
   SHELL=/bin/bash
  SourcePackage: bash
  UpgradeStatus: Upgraded to precise on 2012-07-16 (62 days ago)
  modified.conffile..etc.bash.bashrc: [modified]
  modified.conffile..etc.skel..bashrc: [modified]
  mtime.conffile..etc.bash.bashrc: 2012-07-16T19:54:47.049684
  mtime.conffile..etc.skel..bashrc: 2012-07-16T19:42:08.188571

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1051901/+subscriptions

More information about the foundations-bugs mailing list