removed file lists file that are also to be created
Bug #1382040 reported by
James Hunt
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Ubuntu system image |
New
|
Undecided
|
Unassigned | ||
Bug Description
The "removed" file can seemingly list files that are also about to be created.
For example, Core image r89 contains an entry for 'system/
This file is particularly problematic since iff the update was huge, there will then be a potentially measurable window between the deletion of /etc/shadow and it's recreation at the point of unpack. That would lead to DoS since no user can login within that window.
The fix would seem to be to only list files in "removed" that truly are to be removed (and never recreated as part of the impending unpack).
Revision history for this message
| Ondrej Kubik (ondrak) wrote | #1 |
Revision history for this message
| James Hunt (jamesodhunt) wrote | #2 |
To post a comment you must log in.
Not sure I understand description of this bug. System is not running during the update, entire update of system image is done in recovery mode, when phone boots from recovery ramdisk and mounts system partition in writable mode, but does not execute anything from that partition. Same goes for kernel and initrd, it's not executed in any way during update.
Can you specify what do you mean by "That would lead to DoS since no user can login within that window." Since Ubuntu running at all, user is able to log or connect to the phone during entire process anyway.