# Testing an issue with case-insensitive enabled

Disclaimer: better visualized using a markdown renderer.

Note: This documentation was made as an effort to reproduce the PoC for CVE-2024-32002 on a Linux system. Check [1] for more detail about the PoC.

## Create a loop device

Create a file to be your block device:

```bash
dd if=/dev/zero of=filename bs=1024 count=51200
```

This creates `filename` from blocks of 1024 bytes, ~51M in total. Now check which loop device is available:

```bash
losetup -f
# output example: /dev/loop19
```

Create the block device with the available loop device:

```bash
losetup /dev/loop19 filename
# where filename is the block file you created using dd
```

## Case-insensitive

This feature was added in kernel 5.2. If you want to be sure your system supports it, try this:

```bash
cat /sys/fs/ext4/features/casefold
# output: supported
```

Once you have confirmed that it is supported, create the file system with that feature and mount it:

```bash
mkfs -t ext4 -O casefold /dev/loop19
# create using mkdir the poc directory where you'll mount it in /mnt/poc
# remember to set the permissions if you don't want to use root all the time
# chown -R your_user:your_user_group poc
# e.g: chown -R leosilva:leosilva poc
mount -t ext4 /dev/loop19 /mnt/poc
# check if it was mounted
df -h /dev/loop19
# check that the device/fs supports case-insensitive by looking for
# Filesystem features: has_journal ext_attr resize_inode dir_index filetype needs_recovery extent 64bit flex_bg casefold <--
sudo tune2fs -l /dev/loop19
```

Now you have a folder with that file system mounted. To enable case-insensitive lookups in a folder, run:

```bash
chattr +F directory
```

If you want to check which directories have case-insensitive enabled:

```bash
lsattr .
# output: ----------------F--- directory
```

## References

[1] https://amalmurali.me/posts/git-rce/

[2] https://www.collabora.com/news-and-blog/blog/2020/08/27/using-the-linux-kernel-case-insensitive-feature-in-ext4/

[3] https://dzone.com/articles/loop-device-in-linux
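
The checks from the sections above, as an added example that is not part of the original notes: it parses `tune2fs -l` and `lsattr -d` output for the casefold markers and probes a directory to confirm that lookups really are case-insensitive. The function names and the script name in the usage comment are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the original notes): verify the casefold setup.
# Function names are illustrative.

# Reads `tune2fs -l DEVICE` output on stdin; succeeds if the
# "Filesystem features:" line lists casefold.
fs_has_casefold() {
    grep -E '^Filesystem features:' | grep -qw 'casefold'
}

# Reads one `lsattr -d DIR` line on stdin; succeeds if the attribute
# field (first column only) carries F, the flag set by `chattr +F`.
dir_has_casefold_flag() {
    read -r _flags _rest || [ -n "$_flags" ] || return 1
    case "$_flags" in *F*) return 0 ;; *) return 1 ;; esac
}

# Behavioural check that needs no root: create a mixed-case file in DIR and
# look it up by its lower-case name. Prints "insensitive" or "sensitive";
# returns 2 if DIR is unusable or the probe name is already taken.
probe_case() {
    _dir=$1
    _name="CaseProbe_$$"
    _lower=$(printf '%s' "$_name" | tr '[:upper:]' '[:lower:]')
    [ -d "$_dir" ] || return 2
    if [ -e "$_dir/$_name" ] || [ -e "$_dir/$_lower" ]; then return 2; fi
    touch -- "$_dir/$_name" 2>/dev/null || return 2
    if [ -e "$_dir/$_lower" ]; then
        _result=insensitive
    else
        _result=sensitive
    fi
    rm -f -- "$_dir/$_name"
    printf '%s\n' "$_result"
}

# Usage: sh check_casefold.sh /mnt/poc/directory
if [ "$#" -gt 0 ]; then
    probe_case "$1"
fi
```

Feed the parsers real output, for example `sudo tune2fs -l /dev/loop19 | fs_has_casefold` and `lsattr -d directory | dir_has_casefold_flag`.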