[Bug 328334] [NEW] cpio does not exit non-zero when errors encountered, mkinitramfs masks error codes

Kees Cook kees at ubuntu.com
Thu Feb 12 01:01:39 UTC 2009 

Public bug reported:

Binary package hint: cpio

It seems that cpio does not actually use the error codes it sets while
running, and always exits with 0.  This will break anything that expects
cpio to fail if it encounter problems.  This is especially a problem for update-initramfs:

from mkinitramfs:
(cd "${DESTDIR}" && find . | cpio --quiet --dereference -o -H newc | gzip >"${outfile}") || exit 1

Basically, this would only fail if there was a problem writing outfile,
and doesn't fail if there are problems dereferencing symlinks.  As a
result, totally broken initramfs images can be created if things happen
to be missing from the filesystem (there was a system that built
initramfs images while /sbin/udevadm was missing, e.g.).

Additionally, the pipe to gzip causes any error codes from cpio to be
ignored.

** Affects: cpio (Ubuntu)
     Importance: Medium
         Status: New

** Affects: initramfs-tools (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: cpio (Debian)
     Importance: Unknown
         Status: Unknown

** Changed in: cpio (Ubuntu)
   Importance: Undecided => Medium

** Bug watch added: Debian Bug tracker #514936
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514936

** Also affects: cpio (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514936
   Importance: Unknown
       Status: Unknown

** Also affects: initramfs-tools (Ubuntu)
   Importance: Undecided
       Status: New

** Summary changed:

- does not exit non-zero when errors encountered
+ cpio does not exit non-zero when errors encountered, mkinitramfs masks error codes

** Description changed:

  Binary package hint: cpio
  
  It seems that cpio does not actually use the error codes it sets while
  running, and always exits with 0.  This will break anything that expects
  cpio to fail if it encounter problems.  This is especially a problem for update-initramfs:
  
  from mkinitramfs:
  (cd "${DESTDIR}" && find . | cpio --quiet --dereference -o -H newc | gzip >"${outfile}") || exit 1
  
  Basically, this would only fail if there was a problem writing outfile,
  and doesn't fail if there are problems dereferencing symlinks.  As a
  result, totally broken initramfs images can be created if things happen
  to be missing from the filesystem (there was a system that built
  initramfs images while /sbin/udevadm was missing, e.g.).
+ 
+ Additionally, the pipe to gzip causes any error codes from cpio to be
+ ignored.

-- 
cpio does not exit non-zero when errors encountered, mkinitramfs masks error codes
https://bugs.launchpad.net/bugs/328334
You received this bug notification because you are a member of Kernel
Bugs, which is subscribed to initramfs-tools in ubuntu.

More information about the kernel-bugs mailing list