Red Hat Bugzilla – Bug 289111
CVE-2007-4849 jffs2 doesn't preserve permissions
Last modified: 2007-10-10 07:09:54 EDT
JFFS2 does not perserve directory permissions across reboots when using a custom
Most probably a impact=low for Enterprise Linux if we're affected at all
in RHEL-4, there's no support for ACL in JFFS2. I've tested using a script I
attached in BZ#297811 and couldn't reproduce the problem. There's support for ACL
in RHEL-5 but it's not enabled (ACL support depends on XATTR and
CONFIG_JFFS2_FS_XATTR is disabled in RHEL-5). I've run the same script on RHEL-5
and even repeated the test in http://dev.laptop.org/ticket/2732 and couldn't
reproduce the problem. Unless I'm missing something, I believe we can close the
RHEL-4/RHEL-5 bugs (not sure about RHEL-2/RHEL-3).
Thanks Aristeu; I've closed tracking bugs for RHEL4 and RHEL5 as they are not
affected by the issue.
JFFS2 is not enabled in RHEL-3 kernel. BZ#297791 can be closed too.
Same on RHEL2.1 - JFFS2 is not enabled.
All bugs in the dependency tree are now closed/NOTABUG.
JFFS2 is enabled in RHEL2.1, ia64 version. There's no support for ACL, so it's
unlikely it affects this version too. I'm trying to get a ia64 box with RHEL2.1
installed in RHTS to use the same set of scripts I've used in RHEL-4/RHEL-5 but
no luck so far.
Hi Aristeu -
Are you certain that JFFS2 is enabled in rhel2.1-ia64? I don't see it in
config-generic, nor do I see the jffs2 module in the -e.65 kernel rpm.
Am I missing something?
My bad. I was looking in RHEL-2.1-ia64 branch in CVS.
Not vulnerable. There is no support for jffs2 in the Linux kernel as
distributed with Red Hat Enterprise Linux 2.1 or 3. There is no ACL support for
jffs2 in the Linux kernel as distributed with Red Hat Enterprise Linux 4 or 5.