Bug 1282016 - inotifywait does not accept NULL as field separator when using the --format option
inotifywait does not accept NULL as field separator when using the --format o...
Status: NEW
Product: Fedora EPEL
Classification: Fedora
Component: inotify-tools (Show other bugs)
el6
All Linux
unspecified Severity medium
: ---
: ---
Assigned To: Mark McKinstry
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-14 06:40 EST by g.danti
Modified: 2017-01-01 19:14 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description g.danti 2015-11-14 06:40:33 EST
Description of problem:
inotifywait does not accept NULL as field separator when using the --format option. This means that specially crafted, malicious filenames (for example, filename with newline char) can be used to hijack 3d party code relying on inotifywait.

For example, think about a replication services that use inotifywait to know what events/files to replicate on a remote server. Using a malicious filename with an embedded newline and deleting it, the remote server will replicate a wrong (and potentially very dangerous) delete event.

See here for more details: https://github.com/rvoicilas/inotify-tools/issues/20

Version-Release number of selected component (if applicable):
all

How reproducible:
embed a newline in a monitored filename

Steps to Reproduce:
1. create a file with a newline embedded in its name (eg: touch '/tmp/test
this'
2. use inotifywait to monitor a directory (eg: inotifywait -m -r /tmp)
3. delete the file
4. the resulting inotify event will be split in two different row

Actual results:
the resulting inotify event will be split in two different row, exposing wrong events/filename to application reading from inotifywait (eg: using a pipe)

Expected results:
using a NULL char as field separator, inotifywait will be invulnerable to malicious filename (as NULL is an invalid char for filenames in about all filesystems)

Additional info:
https://github.com/rvoicilas/inotify-tools/issues/20

Note You need to log in before you can comment on or make changes to this bug.