58379 – "linux rescue" boot mounts dirty filesystems without checking them!

Bug 58379 - "linux rescue" boot mounts dirty filesystems without checking them!

Summary: "linux rescue" boot mounts dirty filesystems without checking them!

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	installer
Sub Component:
Version:	7.2
Hardware:	i386
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Jeremy Katz
QA Contact:	Brock Organ
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2002-01-15 15:00 UTC by Jonathan Kamens
Modified:	2006-02-21 18:48 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-02-21 18:48:20 UTC
Embargoed:

Attachments	(Terms of Use)

Description Jonathan Kamens 2002-01-15 15:00:49 UTC

If you boot the install CD and say "linux rescue" to bring up rescue mode, the
rescue mode will mount all of your filesystems without checking if they're dirty
or fsck'ing the ones that are!

This is extremely dangerous.  It caused me to trash my root filesystem recently
and I had to reinstall the whole thing from back up.  Surely when someone is
booting in rescue mode is exactly a time when it is likely that one or more of
their filesystems are dirty and hence should not be mounted without being
checked!

Comment 1 Jeremy Katz 2002-01-15 17:28:22 UTC

Some degree of overhaul is already being planned for rescue mode if we can find
the time to do so.

Comment 2 Jonathan Kamens 2002-01-15 17:30:58 UTC

I don't think this is an "if we can find the time" bug.  This bug makes it
trivially easy to trash a filesystem when trying to rescue a machine.  I think
something needs to be done.

Comment 3 Michael Fulbright 2002-01-16 20:37:57 UTC

Agreed it is certainly easy to trash a box if you have the equivalent of 'root'
access, which is what rescue mode does.  The user is notified that the
filesystems were mounted so it is not like its a hidden side-effect of running
rescue mode.

Also you can specify 'rescue nomount' and the automatic mounting will not occur.
We are going to try to have an interface to give the user more control over what
happens in rescue mode.

Comment 4 Jonathan Kamens 2002-01-17 02:50:20 UTC

Again, I really don't think you're recognizing the magnitude of this problem.

Sure, the user is notified that the filesystems are mounted.  But he is NOT
notified that they weren't checked!  And of course he will assume that they
were, since *in all other circumstances* filesystems are ALWAYS checked before
they are mounted.  There is no other component, as far as I know, of Red Hat
Linux which will allow a filesystem to be mounted dirty, short of the user
typing "mount" by hand, and that's certainly not what's happening here.

As for "rescue nomount", it's not documented anywhere on the screens you see
when you boot the CD, and if it's not documented there, it might as well not
exist.

Furthermore, the user probably WANTS the filesystems to be mounted, since how
can he fix whatever the problem is if the filesystems aren't mounted?  What he
WANTS is for the filesystems to be mounted *after being checked*.

Comment 5 Jeremy Katz 2002-02-27 00:21:47 UTC

Changed so that we verify the filesystem is clean before mounting it.  If dirty,
give the user the option to mount or not mount based on this information.

Comment 6 Red Hat Bugzilla 2006-02-21 18:48:20 UTC

Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.

Note You need to log in before you can comment on or make changes to this bug.