Debian Bug report logs - #313081
find -follow: infinite loop with symlinks to ./

version graph

Package: findutils; Maintainer for findutils is Andreas Metzler <ametzler@debian.org>; Source for findutils is src:findutils (PTS, buildd, popcon).

Reported by: "Huang, Zhangrong" <hzhrong@gmail.com>

Date: Sat, 11 Jun 2005 18:48:02 UTC

Severity: serious

Tags: confirmed, fixed-upstream, security

Found in version 4.2.20-2

Fixed in version findutils/4.2.22-1

Done: Andreas Metzler <ametzler@debian.org>

Bug is archived. No further changes may be made.

Forwarded to http://savannah.gnu.org/bugs/index.php?func=detailitem&item_id=13381

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Andreas Metzler <ametzler@debian.org>:
Bug#313081; Package findutils. (full text, mbox, link).


Acknowledgement sent to "Huang, Zhangrong" <hzhrong@gmail.com>:
New Bug report received and forwarded. Copy sent to Andreas Metzler <ametzler@debian.org>. (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: "Huang, Zhangrong" <hzhrong@gmail.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: findutils sucks dpkg-scanpackages
Date: Sun, 12 Jun 2005 02:34:02 +0800
Package: findutils
Version: 4.2.20-2
Severity: normal

I set-up a local deb repository for myself, wrote a simple script to
generate the Packages file, say
$ cat update-here
dpkg-scanpackages . /dev/null > Packages
gzip -f Packages

Now I upgrade findutils to 4.2.20-2, when I run this script,

$ sh update-here

seems find is trying to eat up all of my memory and swap, then the system is
becoming not useable.

PS: dpkg-scanpackages comes from dpkg-dev.


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11-1-686
Locale: LANG=zh_CN.UTF-8, LC_CTYPE=zh_CN.UTF-8 (charmap=UTF-8)

Versions of packages findutils depends on:
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#313081; Package findutils. (full text, mbox, link).


Acknowledgement sent to Andreas Metzler <ametzler@debian.org>:
Extra info received and forwarded to list. (full text, mbox, link).


Message #10 received at 313081@bugs.debian.org (full text, mbox, reply):

From: Andreas Metzler <ametzler@debian.org>
To: "Huang, Zhangrong" <hzhrong@gmail.com>, 313081@bugs.debian.org
Subject: Re: Bug#313081: findutils sucks dpkg-scanpackages
Date: Sun, 12 Jun 2005 09:49:32 +0200
On 2005-06-11 "Huang, Zhangrong" <hzhrong@gmail.com> wrote:
> Package: findutils
> Version: 4.2.20-2
> Severity: normal

> I set-up a local deb repository for myself, wrote a simple script to
> generate the Packages file, say
> $ cat update-here
> dpkg-scanpackages . /dev/null > Packages
> gzip -f Packages

> Now I upgrade findutils to 4.2.20-2, when I run this script,

> $ sh update-here

> seems find is trying to eat up all of my memory and swap, then the system is
> becoming not useable.

> PS: dpkg-scanpackages comes from dpkg-dev.

Hello,
can you find out what is eating up all your memory (with ps, top,
whatever)? dpkg-scanpackages will simply invoke

find ./ -follow -name '*.deb' -print

does this command trigger the strange behavior on your system?

BTW what filesystem are you using?
                cu andreas
-- 
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"
                                           http://downhill.aus.cc/



Tags added: moreinfo Request was from Andreas Metzler <ametzler@downhill.aus.cc> to control@bugs.debian.org. (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Andreas Metzler <ametzler@debian.org>:
Bug#313081; Package findutils. (full text, mbox, link).


Acknowledgement sent to "Huang, Zhangrong" <hzhrong@gmail.com>:
Extra info received and forwarded to list. Copy sent to Andreas Metzler <ametzler@debian.org>. (full text, mbox, link).


Message #17 received at 313081@bugs.debian.org (full text, mbox, reply):

From: "Huang, Zhangrong" <hzhrong@gmail.com>
To: Andreas Metzler <ametzler@debian.org>
Cc: 313081@bugs.debian.org
Subject: Re: Bug#313081: findutils sucks dpkg-scanpackages
Date: Sun, 12 Jun 2005 23:05:33 +0800
Hi,
I think I knew the reason now.

On 6/12/05, Andreas Metzler <ametzler@debian.org> wrote:
> 
> Hello,
> can you find out what is eating up all your memory (with ps, top,
> whatever)? dpkg-scanpackages will simply invoke
> 
> find ./ -follow -name '*.deb' -print
> 
> does this command trigger the strange behavior on your system?

Yes, it is.
Forgot to show you the deb repository directory struct, there are some 
dirs linked to ./,

$ pwd
/var/cache/apt-build/repository
$ ls -l dists
lrwxrwxrwx  1 root src 1 2004-06-03 00:54 dists -> .
$ ls -l main
lrwxrwxrwx  1 root src 1 2004-06-03 00:54 main -> .
$ ls -l stable
lrwxrwxrwx  1 root src 1 2004-06-03 00:54 stable -> .

Command
 find ./ -name '*.deb' -print
works fine, but if I add the '-follow' parameter, it happens again.

So, It's a bug of find, if a directory contains a sub-directory linked to ./, 
find ./ -follow will be going to infinite loop.
That's why find eat up all my memory.

Version 4.1.20-6 has no this problem, so I fallback to.
Could you please have a look at it?
Thanks.

> 
> BTW what filesystem are you using?
>                 cu andreas
> --
>



Tags added: confirmed Request was from Andreas Metzler <ametzler@downhill.aus.cc> to control@bugs.debian.org. (full text, mbox, link).


Tags removed: moreinfo Request was from Andreas Metzler <ametzler@downhill.aus.cc> to control@bugs.debian.org. (full text, mbox, link).


Changed Bug title. Request was from Andreas Metzler <ametzler@downhill.aus.cc> to control@bugs.debian.org. (full text, mbox, link).


Noted your statement that Bug has been forwarded to http://savannah.gnu.org/bugs/index.php?func=detailitem&item_id=13381. Request was from Andreas Metzler <ametzler@downhill.aus.cc> to control@bugs.debian.org. (full text, mbox, link).


Severity set to `serious'. Request was from Andreas Metzler <ametzler@downhill.aus.cc> to control@bugs.debian.org. (full text, mbox, link).


Message sent on to "Huang, Zhangrong" <hzhrong@gmail.com>:
Bug#313081. (full text, mbox, link).


Message #30 received at 313081-submitter@bugs.debian.org (full text, mbox, reply):

From: Andreas Metzler <savannah-bounces@gnu.org>
To: 313081-submitter@bugs.debian.org, Andreas Metzler <gnu@downhill.at.eu.org>, bug-findutils@gnu.org
Subject: [bug #13381] infinite loop with -follow.
Date: Sun, 12 Jun 2005 17:17:49 +0000
URL:
  <http://savannah.gnu.org/bugs/?func=detailitem&item_id=13381>

                 Summary: infinite loop with -follow.
                 Project: findutils
            Submitted by: ametzler
            Submitted on: Son 12.06.2005 um 17:17
                Category: find
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
                 Release: None
           Fixed Release: None

    _______________________________________________________

Details:

Hello,

this was found by Zhangrong Huang in http://bugs.debian.org/313081

mkdir testingfindagain
ln -s . testingfindagain/symlink

now 
find testingfindagain -follow
will generate an endless loop. (For testing I suggest piping into head -c 200,
otherwise you might trigger OOM)

This was introduced between 4.2.18 and 4.2.19 (when changing find.c from r1.72
 to r1.73). 4.2.x up to 4.2.18 will output this and exit:

find: Symbolic link `testingfindagain/symlink' is
 part of a loop in the directory hierarchy; we have already visited the
directory to which it points.
testingfindagain
testingfindagain/symlink

              cu andreas



    _______________________________________________________

Carbon-Copy List:

CC Address                          | Comment
------------------------------------+-----------------------------
313081-submitter@bugs.debian.org    | original bugsubmitter




    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?func=detailitem&item_id=13381>

_______________________________________________
  Nachricht geschickt von/durch Savannah
  http://savannah.gnu.org/




Message sent on to "Huang, Zhangrong" <hzhrong@gmail.com>:
Bug#313081. (full text, mbox, link).


Message #33 received at 313081-submitter@bugs.debian.org (full text, mbox, reply):

From: James Youngman <savannah-bounces@gnu.org>
To: 313081-submitter@bugs.debian.org, Andreas Metzler <gnu@downhill.at.eu.org>, James Youngman <jay@gnu.org>, bug-findutils@gnu.org
Subject: [bug #13381] infinite loop with -follow.
Date: Sun, 12 Jun 2005 21:05:46 +0000
Update of bug #13381 (project findutils):

                Severity:              3 - Normal => 6 - Security           
                  Status:                    None => Fixed                  
             Assigned to:                    None => jay                    

    _______________________________________________________

Follow-up Comment #1:

NB: THIS BUG IS A SECURITY HOLE (denial of "updatedb" service by users,
possibly denial of service to security checks based on find).  Please note the
list of affected versions of findutils.

The problem was introduced because safely_chdir() in find.c now sometimes
avoids needing to stat the destination directory, and so stat_buf was left
unpopulated.  This problem is fixed by the attached patch, which has been
committed into the development code.   The scope of the security problem
extends only to the indefinite loop, the problem does not result in users
being able to persuade find to process parts of the filesystem that should be
excluded.

Having said this, this bug only occurs if the "-L" option was used, which
normally should not be the case with any security checks - because they should
not follow symbolic links, in general.

The next release of findutils will include this fix.  The NEWS file will
outline the severity of the problem.

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?func=detailitem&item_id=13381>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/




Message sent on to "Huang, Zhangrong" <hzhrong@gmail.com>:
Bug#313081. (full text, mbox, link).


Message #36 received at 313081-submitter@bugs.debian.org (full text, mbox, reply):

From: James Youngman <savannah-bounces@gnu.org>
To: 313081-submitter@bugs.debian.org, Andreas Metzler <gnu@downhill.at.eu.org>, James Youngman <jay@gnu.org>, bug-findutils@gnu.org
Subject: [bug #13381] infinite loop with -follow.
Date: Sun, 12 Jun 2005 22:42:55 +0000
Update of bug #13381 (project findutils):

             Open/Closed:                    Open => Closed                 
                 Release:                    None => 4.2.19                 
           Fixed Release:                    None => 4.2.22                 

    _______________________________________________________

Follow-up Comment #2:

You can download a release of findutils in which this problem is
fixed from ftp://alpha.gnu.org/gnu/findutils.

The releases on alpha.gnu.org are for testing purposes, so please
take the time to download the release and verify that your
problem has been solved.  Once the release has been sufficiently
tested, it can be uploaded to ftp.gnu.org for everybody to use it.


    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?func=detailitem&item_id=13381>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/




Tags added: security Request was from Don Armstrong <don@debian.org> to control@bugs.debian.org. (full text, mbox, link).


Reply sent to Andreas Metzler <ametzler@debian.org>:
You have taken responsibility. (full text, mbox, link).


Notification sent to "Huang, Zhangrong" <hzhrong@gmail.com>:
Bug acknowledged by developer. (full text, mbox, link).


Message #43 received at 313081-close@bugs.debian.org (full text, mbox, reply):

From: Andreas Metzler <ametzler@debian.org>
To: 313081-close@bugs.debian.org
Subject: Bug#313081: fixed in findutils 4.2.22-1
Date: Mon, 13 Jun 2005 15:47:34 -0400
Source: findutils
Source-Version: 4.2.22-1

We believe that the bug you reported is fixed in the latest version of
findutils, which is due to be installed in the Debian FTP archive:

findutils_4.2.22-1.diff.gz
  to pool/main/f/findutils/findutils_4.2.22-1.diff.gz
findutils_4.2.22-1.dsc
  to pool/main/f/findutils/findutils_4.2.22-1.dsc
findutils_4.2.22-1_i386.deb
  to pool/main/f/findutils/findutils_4.2.22-1_i386.deb
findutils_4.2.22.orig.tar.gz
  to pool/main/f/findutils/findutils_4.2.22.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 313081@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <ametzler@debian.org> (supplier of updated findutils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 13 Jun 2005 19:39:46 +0200
Source: findutils
Binary: findutils
Architecture: source i386
Version: 4.2.22-1
Distribution: unstable
Urgency: low
Maintainer: Andreas Metzler <ametzler@debian.org>
Changed-By: Andreas Metzler <ametzler@debian.org>
Description: 
 findutils  - utilities for finding files--find, xargs, and locate
Closes: 208307 301934 311384 312760 312761 313081
Changes: 
 findutils (4.2.22-1) unstable; urgency=low
 .
   * New upstream version
     - fixes infinite loop of "find -follow" on trees with symlinks to ./.
       (Closes: #313081)
     - better documentation for %k and %d printf directives. (Closes: #208307)
     - find filters out non-printable characters (which could mess up the
       terminal) when printing the output to a console. (Closes: #311384)
     - Typo fixes. (Closes: #301934, #312760, #312761) (Thanks, A Costa.)
Files: 
 84b082128b8f4b109efed4749d7d322e 662 base required findutils_4.2.22-1.dsc
 81ef043fbc9203f03225d0dc7f6cb2ec 972905 base required findutils_4.2.22.orig.tar.gz
 8612990949c3c1e82ea102cf856059ab 12261 base required findutils_4.2.22-1.diff.gz
 df01940ef18ccd6996366396b1b26b7b 304976 base required findutils_4.2.22-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCrdHJHTOcZYuNdmMRAoe1AJ43bqjSDvNOFYEWrqGFMxmoh/fdMgCeO46A
NvtVymuuVlQJXpfkZnHYAU4=
=T/Ar
-----END PGP SIGNATURE-----




Message sent on to "Huang, Zhangrong" <hzhrong@gmail.com>:
Bug#313081. (full text, mbox, link).


Message #46 received at 313081-submitter@bugs.debian.org (full text, mbox, reply):

From: anonymous <savannah-bounces@gnu.org>
To: 313081-submitter@bugs.debian.org, Andreas Metzler <gnu@downhill.at.eu.org>, James Youngman <jay@gnu.org>, bug-findutils@gnu.org
Subject: [bug #13381] infinite loop with -follow.
Date: Mon, 20 Jun 2005 06:46:02 +0000
Follow-up Comment #3, bug #13381 (project findutils):

Followup - this isn't a denial of updatedb service because updatedb  does not
use -follow or -L.  However, the problem is significant from a security
perspective in other contexts.

Once again, -L should not be used in security-sensitive environments in any
case.

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?func=detailitem&item_id=13381>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/




Tags added: fixed-upstream Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (full text, mbox, link).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 18:20:45 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Dec 23 16:45:07 2023; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.