Linus Torvalds Blasts Case-Insensitive Filesystems
Linux creator Linus Torvalds published a scathing critique of case-insensitive filesystem implementations on LKML, calling them a 'catastrophic mistake' that creates serious security vulnerabilities through Unicode ignorable code points.
Linus Torvalds today, in his characteristically direct and blunt manner, spoke out about filesystems with case folding support (case-insensitive files and directories).
The occasion was a problem with case folding support in Bcachefs, discovered this week and already having a fix for Linux 6.15. Linus wrote an enormous message on the Linux kernel mailing list (LKML), laying out his opinion on the case folding implementation.
It's worth noting that the Bcachefs case folding issue isn't the first for Linux: there had already been bugs related to handling emoji and other special Unicode characters.
"The only takeaway here is that filesystem developers never learn. Case-insensitive names are a catastrophic mistake that should never have been allowed in the first place. The problem isn't insufficient testing — the problem is that you decided to implement it at all.
Then the situation gets even worse when people try to 'do it right' — something that fundamentally cannot be done right. The result is even worse: arbitrary bytes start being used as 'magic' values.
And by the way, the tests are completely broken too. The last time I looked at them, they didn't cover the truly interesting cases — the ones that can lead to user-space vulnerabilities.
For example, vulnerabilities like this: a user-space application checks that a filename doesn't match some safe pattern. But a filesystem with 'case-insensitivity' still allows bypassing this check — because the people implementing case-insensitivity ALWAYS do things like ignoring non-printable characters and so on. So 'case-insensitivity' turns into 'insensitivity to god-knows-what.'
For examples, look at the commits:
5c26d2f1d3f5 ('unicode: Don't special case ignorable code points')
and
231825b2e1ff ('Revert: unicode: Don't special case ignorable code points')
— and weep.
Hint: ❤ and ❤️ are two different Unicode characters, differing only by 'ignorable' code points. And guess what? The insane, incompetent developers who want these two characters to be treated as the same — accidentally make other (possibly security-related) filenames be treated as the same — simply because they contain these ignorable characters.
As a result, every application that filters paths to avoid touching certain directories — can be tricked into working with files it was supposed to avoid. And no, this behavior isn't rare or unusual; it's standard practice: many programs rely on such checks.
Damn it. Case-insensitivity is a BUG. The fact that filesystem developers still consider it a feature is beyond me. It's as if they so adore the ancient FAT filesystem that they can't help but try to recreate it — only worse."
FAQ
What is this article about in one sentence?
This article explains the core idea in practical terms and focuses on what you can apply in real work.
Who is this article for?
It is written for engineers, technical leaders, and curious readers who want a clear, implementation-focused explanation.
What should I read next?
Use the related articles below to continue with closely connected topics and concrete examples.
