Closed qkaiser closed 5 months ago
As indicated by the great @e3krisztian:
This can happen if we have
r
, but notx
permission for a directory: its content can be enumerated (read) as names, but access to details (inode) is restricted.
Being taken care of at https://github.com/onekey-sec/e2fsprogs/pull/8
The Origins
I'm not exactly sure if the root of the problem lies in the file we got or in the way
debugfs
is implemented, but we end up with a directory that looks like this afterdebugfs
stopped shouting at us that it failed changing ownership.Command "Design"
debugfs
implements two dumping commands:dump
ordump_inode
: works on filesrdump
: works on directoriesThe two interfaces differ:
The
-p
parameter indump_inode
corresponds topreserve
, a mode in whichdebugfs
will do its best to preserve permissions and ownership of the files.The problem is that
rdump
does not expose such a flag and implicitly considers thepreserve
flag to be set to 1. Inrdump_inode
, the following call is made:With the definition of being:
So we have two problems here:
dump_file
done byrdump_inode
with an implicitpreserve
flag is really bad designFix ?
A naive fix is this one:
But the
rdump
interface must be modified to accept apreserve
flag so that we can explicitly tell it not to preserve with unblob.