Bug 289111 (CVE-2007-4849)
| Field | Value |
|---|---|
| Summary | CVE-2007-4849 jffs2 doesn't preserve permissions |
| Product | [Other] Security Response |
| Component | vulnerability |
| Status | CLOSED NOTABUG |
| Severity | low |
| Priority | medium |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Reporter | Mark J. Cox <mjc> |
| Assignee | Red Hat Product Security <security-response-team> |
| CC | anton, arozansk, dhoward, dwmw2, dzickus, jbaron, kernel-mgr, kreilly, vmayatsk |
| Doc Type | Bug Fix |
| Last Closed | 2007-10-10 11:09:54 UTC |
| Bug Depends On | 297781, 297791, 297801, 297811, 297821, 297831 |

Description
Mark J. Cox
2007-09-13 11:36:52 UTC
Mark, in RHEL-4, there's no support for ACL in JFFS2. I've tested using a script I attached in BZ#297811 and couldn't reproduce the problem. There's support for ACL in RHEL-5 but it's not enabled (ACL support depends on XATTR and CONFIG_JFFS2_FS_XATTR is disabled in RHEL-5). I've run the same script on RHEL-5 and even repeated the test in http://dev.laptop.org/ticket/2732 and couldn't reproduce the problem. Unless I'm missing something, I believe we can close the RHEL-4/RHEL-5 bugs (not sure about RHEL-2/RHEL-3).

Thanks Aristeu; I've closed tracking bugs for RHEL4 and RHEL5 as they are not affected by the issue.

Mark, JFFS2 is not enabled in RHEL-3 kernel. BZ#297791 can be closed too.

Same on RHEL2.1 - JFFS2 is not enabled.

All bugs in the dependency tree are now closed/NOTABUG.

JFFS2 is enabled in RHEL2.1, ia64 version. There's no support for ACL, so it's unlikely it affects this version too. I'm trying to get a ia64 box with RHEL2.1 installed in RHTS to use the same set of scripts I've used in RHEL-4/RHEL-5 but no luck so far.

Hi Aristeu - Are you certain that JFFS2 is enabled in rhel2.1-ia64? I don't see it in config-generic, nor do I see the jffs2 module in the -e.65 kernel rpm. Am I missing something?

My bad. I was looking in RHEL-2.1-ia64 branch in CVS.

Not vulnerable. There is no support for jffs2 in the Linux kernel as distributed with Red Hat Enterprise Linux 2.1 or 3. There is no ACL support for jffs2 in the Linux kernel as distributed with Red Hat Enterprise Linux 4 or 5.
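
The triage in this thread comes down to kernel build options: a kernel is only a candidate if JFFS2 is built with ACL support, which in turn depends on XATTR. The script below is an added example, not part of the bug report or the test scripts it mentions, that classifies a kernel config file along those lines. `CONFIG_JFFS2_FS` and `CONFIG_JFFS2_FS_POSIX_ACL` are upstream Kconfig symbol names that do not appear in the thread, and the function names and sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a kernel config for the JFFS2 ACL triage above.

# Print y or m if the symbol is enabled, n if it is "not set" or absent.
# $1 = config file, $2 = symbol name (e.g. CONFIG_JFFS2_FS)
kconfig_value() {
    val=$(sed -n "s/^$2=\([ym]\)[[:space:]]*$/\1/p" "$1" | tail -n 1)
    echo "${val:-n}"
}

# Print one verdict for the config file in $1.
jffs2_acl_exposure() {
    cfg=$1
    [ -r "$cfg" ] || { echo "unreadable"; return 2; }
    if [ "$(kconfig_value "$cfg" CONFIG_JFFS2_FS)" = n ]; then
        echo "no-jffs2"            # filesystem not built at all
    elif [ "$(kconfig_value "$cfg" CONFIG_JFFS2_FS_XATTR)" = n ]; then
        echo "jffs2-no-xattr"      # ACL support cannot be enabled without XATTR
    elif [ "$(kconfig_value "$cfg" CONFIG_JFFS2_FS_POSIX_ACL)" = n ]; then
        echo "jffs2-no-acl"        # XATTR on, ACL code still not built
    else
        echo "jffs2-acl-enabled"   # needs a real test on a JFFS2 mount
    fi
}

# Constructed sample mirroring the RHEL-5 state described in the thread
# (JFFS2 built, XATTR disabled); not a real distribution config.
sample_config() {
    cat <<'EOF'
CONFIG_JFFS2_FS=m
# CONFIG_JFFS2_FS_XATTR is not set
EOF
}

if [ $# -gt 0 ]; then
    jffs2_acl_exposure "$1"        # e.g. /boot/config-$(uname -r)
else
    tmp=$(mktemp) && sample_config > "$tmp"
    jffs2_acl_exposure "$tmp"      # prints jffs2-no-xattr
    rm -f "$tmp"
fi
```

A `jffs2-acl-enabled` verdict only says the ACL code is compiled in; whether permissions are preserved still has to be checked on an actual JFFS2 mount, as was done in the thread.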