Bug 58379

Summary: "linux rescue" boot mounts dirty filesystems without checking them!
Product: [Retired] Red Hat Linux Reporter: Jonathan Kamens <jik>
Component: installerAssignee: Jeremy Katz <katzj>
Status: CLOSED RAWHIDE QA Contact: Brock Organ <borgan>
Severity: high Docs Contact:
Priority: high    
Version: 7.2CC: shishz
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-02-21 18:48:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jonathan Kamens 2002-01-15 15:00:49 UTC 
If you boot the install CD and say "linux rescue" to bring up rescue mode, the
rescue mode will mount all of your filesystems without checking if they're dirty
or fsck'ing the ones that are!

This is extremely dangerous.  It caused me to trash my root filesystem recently
and I had to reinstall the whole thing from back up.  Surely when someone is
booting in rescue mode is exactly a time when it is likely that one or more of
their filesystems are dirty and hence should not be mounted without being
checked!
Comment 1 Jeremy Katz 2002-01-15 17:28:22 UTC 
Some degree of overhaul is already being planned for rescue mode if we can find
the time to do so.
Comment 2 Jonathan Kamens 2002-01-15 17:30:58 UTC 
I don't think this is an "if we can find the time" bug.  This bug makes it
trivially easy to trash a filesystem when trying to rescue a machine.  I think
something needs to be done.
Comment 3 Michael Fulbright 2002-01-16 20:37:57 UTC 
Agreed it is certainly easy to trash a box if you have the equivalent of 'root'
access, which is what rescue mode does.  The user is notified that the
filesystems were mounted so it is not like its a hidden side-effect of running
rescue mode.

Also you can specify 'rescue nomount' and the automatic mounting will not occur.
We are going to try to have an interface to give the user more control over what
happens in rescue mode.
Comment 4 Jonathan Kamens 2002-01-17 02:50:20 UTC 
Again, I really don't think you're recognizing the magnitude of this problem.

Sure, the user is notified that the filesystems are mounted.  But he is NOT
notified that they weren't checked!  And of course he will assume that they
were, since *in all other circumstances* filesystems are ALWAYS checked before
they are mounted.  There is no other component, as far as I know, of Red Hat
Linux which will allow a filesystem to be mounted dirty, short of the user
typing "mount" by hand, and that's certainly not what's happening here.

As for "rescue nomount", it's not documented anywhere on the screens you see
when you boot the CD, and if it's not documented there, it might as well not
exist.

Furthermore, the user probably WANTS the filesystems to be mounted, since how
can he fix whatever the problem is if the filesystems aren't mounted?  What he
WANTS is for the filesystems to be mounted *after being checked*.
Comment 5 Jeremy Katz 2002-02-27 00:21:47 UTC 
Changed so that we verify the filesystem is clean before mounting it.  If dirty,
give the user the option to mount or not mount based on this information.
Comment 6 Red Hat Bugzilla 2006-02-21 18:48:20 UTC 
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.