Bug 289111 (CVE-2007-4849)

Summary: CVE-2007-4849 jffs2 doesn't preserve permissions
Product: [Other] Security Response Reporter: Mark J. Cox <mjc>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: low Docs Contact:
Priority: medium    
Version: unspecifiedCC: anton, arozansk, dhoward, dwmw2, dzickus, jbaron, kernel-mgr, kreilly, vmayatsk
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-10-10 11:09:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 297781, 297791, 297801, 297811, 297821, 297831    
Bug Blocks:    

Description Mark J. Cox 2007-09-13 11:36:52 UTC 
JFFS2 does not perserve directory permissions across reboots when using a custom
/sbin/init.

http://dev.laptop.org/ticket/2732
http://git.infradead.org/?p=mtd-2.6.git;a=commitdiff;h=9ed437c50d89eabae763dd422579f73fdebf288d

Most probably a impact=low for Enterprise Linux if we're affected at all
(awaiting triage)
Comment 2 Aristeu Rozanski 2007-09-21 13:37:45 UTC 
Mark,
in RHEL-4, there's no support for ACL in JFFS2. I've tested using a script I
attached in BZ#297811 and couldn't reproduce the problem. There's support for ACL
in RHEL-5 but it's not enabled (ACL support depends on XATTR and
CONFIG_JFFS2_FS_XATTR is disabled in RHEL-5). I've run the same script on RHEL-5
and even repeated the test in http://dev.laptop.org/ticket/2732 and couldn't
reproduce the problem. Unless I'm missing something, I believe we can close the
RHEL-4/RHEL-5 bugs (not sure about RHEL-2/RHEL-3).
Comment 3 Mark J. Cox 2007-09-24 10:06:13 UTC 
Thanks Aristeu; I've closed tracking bugs for RHEL4 and RHEL5 as they are not
affected by the issue.
Comment 4 Aristeu Rozanski 2007-10-02 13:27:45 UTC 
Mark,
JFFS2 is not enabled in RHEL-3 kernel. BZ#297791 can be closed too.
Comment 5 Don Howard 2007-10-02 23:24:33 UTC 
Same on RHEL2.1 - JFFS2 is not enabled.  

All bugs in the dependency tree are now closed/NOTABUG.
Comment 6 Aristeu Rozanski 2007-10-05 15:50:16 UTC 
JFFS2 is enabled in RHEL2.1, ia64 version. There's no support for ACL, so it's
unlikely it affects this version too. I'm trying to get a ia64 box with RHEL2.1
installed in RHTS to use the same set of scripts I've used in RHEL-4/RHEL-5 but
no luck so far.
Comment 7 Don Howard 2007-10-05 17:54:38 UTC 
Hi Aristeu -

Are you certain that JFFS2 is enabled in rhel2.1-ia64? I don't see it in
config-generic, nor do I see the jffs2 module in the -e.65 kernel rpm.  

Am I missing something?
Comment 8 Aristeu Rozanski 2007-10-05 18:22:20 UTC 
My bad. I was looking in RHEL-2.1-ia64 branch in CVS.
Comment 9 Mark J. Cox 2007-10-10 11:09:54 UTC 
Not vulnerable.  There is no support for jffs2 in the Linux kernel as
distributed with Red Hat Enterprise Linux 2.1 or 3.  There is no ACL support for
jffs2 in the Linux kernel as distributed with Red Hat Enterprise Linux 4 or 5.