Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#10017 closed bug (no change required)

Active packages can be modified

Reported by: jessicah Owned by: nobody
Priority: normal Milestone: R1
Component: - General Version: R1/Package Management
Keywords: Cc:
Blocked By: Blocking:
Has a Patch: no Platform: All


E.g. dd if=/dev/zero of=/system/packages/haiku.hpkg leaves you with a broken Haiku installation. I couldn't even shutdown the system. And the system was no longer bootable (immediately dropped into the boot menu with no Haiku installs detected).

Change History (4)

comment:1 Changed 6 years ago by bonefish

Resolution: no change required
Status: newclosed

That's a feature, not a bug. As root you are supposed to be able to destroy your system with dd. It's just a question of using the proper output file. The system volume block device is a pretty solid bet, but I guess libc would suffice already.

comment:2 Changed 6 years ago by jessicah

Shouldn't package_daemon maintain an exclusive lock on active packages? Surely a flag like O_EXCL would negate such things from happening?

comment:3 Changed 6 years ago by anevilyak

If it did that, then the user would no longer be able to do things like easily uninstall packages via drag and drop. As stated before, it's not as if you can't just as easily torch the system a million other ways with dd, and always have been able to on BeOS, Haiku, Linux or pretty much any other *nix-like system, so this really isn't protecting you from anything.

Last edited 6 years ago by anevilyak (previous) (diff)

comment:4 Changed 6 years ago by bonefish

There is no kind of locking (on Haiku) that would prevent dd from overwriting a file. We only have advisory locking (fcntl(), flock()). Not sure if Unixes provide any other type -- at least I've never encountered a file I couldn't move, remove, or overwrite on Linux (unlike on Windows).

Note: See TracTickets for help on using tickets.