[Bug 2027979] Re: won't warn neither prevent usage of « risky » characters in labels

[Theodore Ts'o]

In order for e2label to modify the file system label, you need to have
write access to the block device.   That means that a malicious user can
always directly modify the blockdevice (or just use a version of e2label
that doesn't have the proposed check).    Hence, this feature request
should not be considered a security feature.   This seems to be more of
a "protect a naive / clueless user who tries to set a file system label:
'Make money fa$t".

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to e2fsprogs in Ubuntu.
https://bugs.launchpad.net/bugs/2027979

Title:
  won't warn neither prevent usage of « risky » characters in labels

Status in e2fsprogs package in Ubuntu:
  Confirmed

Bug description:
  Hi,

  if naming or renaming an EXT volume,

  e2label lets you use any character, including / or * or $ ( and
  probably others, like accented letters é è à )

  I'd expect at least a warning if such are to be found in a label name.

  Or better, it should not be possible to use those in label names.

  Example :

  a at p:~$ sudo e2label /dev/sdb12 /Ti\$*
  a at p:~$

  a at p:~$ sudo e2label /dev/sdb12
  /Ti$*
  a at p:~$

  a at p:~$ lsblk -fe7 | grep sdb12
  └─sdb12   ext4              1.0   /Ti$*             f583e9b0-f1de-438f-8da8-c1e070407628
  a at p:~$

  coming from https://forum.ubuntu-
  fr.org/viewtopic.php?pid=22692892#p22692892 ( french )

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/e2fsprogs/+bug/2027979/+subscriptions