pavelmachek (pavelmachek) wrote,

Easiest way to corrupt ext2/3 filesystem

Step 1: Okay, this is /data partition, I want my user to be able to manipulate it. chown pavel.users /data.

Step 2: Hmm, I created some backup directories here, let's move them to a common place.

cd /data; mkdir backup; mv * backup

(do you spot it now?)

Step 3: Verify the filesystem is still ok... it is not:

root@amd:~# time fsck -f /dev/sdb2
fsck 1.41.3 (12-Oct-2008)
e2fsck 1.41.3 (12-Oct-2008)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
/lost+found not found.  Create? no

Pass 3A: Optimizing directories

Pass 4: Checking reference counts
Pass 5: Checking group summary information

/dev/sdb2: ***** FILE SYSTEM WAS MODIFIED *****

/dev/sdb2: ********** WARNING: Filesystem still has errors **********

Now... essentially an unprivileged user "corrupted" my filesystem. Was I too stupid to give him access? Should missing /lost+found not be treated as filesystem error? Should kernel refuse users rm-ing /lost+found? Should maybe lost+found be named .lost+found, so the "corruption" is not as easy to trigger?

In retrospect, yes I should have expected it. But... did you spot it after step 2?
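
A check for the state the post ends up in, added here as an example (it is not part of the original post): it tests whether lost+found is still present at the top of a mounted ext2/3 filesystem and whether a non-root user is in a position to move it. The function name check_lost_found and its return codes are hypothetical; GNU stat and find are assumed.

```shell
#!/bin/sh
# Added example, not from the original post. check_lost_found and its
# return codes are hypothetical names chosen for this illustration.
# Assumes GNU stat/find and that DIR is the mount point of an ext2/3 fs.
#   0 = lost+found intact and top directory controlled by root only
#   1 = lost+found missing (the state e2fsck complained about)
#   2 = lost+found is not a real directory (symlink, file, ...)
#   3 = a non-root user can rename entries in the top directory
#   4 = DIR itself is not a directory
check_lost_found() {
    top=$1
    lf="$top/lost+found"
    [ -d "$top" ] || { echo "$top: not a directory" >&2; return 4; }

    # Step 2 of the post: "mv * backup" moved lost+found away.
    if [ ! -e "$lf" ] && [ ! -L "$lf" ]; then
        echo "$top: lost+found is missing" >&2
        return 1
    fi
    if [ -L "$lf" ] || [ ! -d "$lf" ]; then
        echo "$lf: exists but is not a real directory" >&2
        return 2
    fi

    # Step 1 of the post: chown of the top directory. The owner of a
    # directory can rename its entries, lost+found included.
    if [ "$(stat -c %u "$top")" != 0 ]; then
        echo "$top: top directory is not owned by root" >&2
        return 3
    fi
    # Group/other write without the sticky bit has the same effect.
    if [ -n "$(find "$top" -maxdepth 0 -perm /022 ! -perm -1000)" ]; then
        echo "$top: group/other writable without sticky bit" >&2
        return 3
    fi
    return 0
}

# Usage: sh check_lost_found.sh /data
if [ "$#" -gt 0 ]; then
    check_lost_found "$1"
fi
```

If the directory is missing, mklost+found from e2fsprogs, run as root in the filesystem's top directory, recreates it.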
