cvs commit: src/sys/kern vfs_subr.c src/sys/fs/devfs devfs_vnops.c

Gordon Bergling gbergling at 0xfce3.net
Thu Nov 10 14:50:06 GMT 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

* Thus spake Simon L. Nielsen (simon at FreeBSD.org):
> On 2005.11.10 14:04:06 +0100, Gordon Bergling wrote:
> > * Thus spake Doug White (dwhite at FreeBSD.org):
> > > dwhite      2005-11-09 22:03:50 UTC
> > > 
> > >   FreeBSD src repository
> > > 
> > >   Modified files:
> > >     sys/kern             vfs_subr.c 
> > >     sys/fs/devfs         devfs_vnops.c 
> > >   Log:
> > >   This is a workaround for a complicated issue involving VFS cookies and devfs.
> > >   The PR and patch have the details. The ultimate fix requires architectural
> > >   changes and clarifications to the VFS API, but this will prevent the system
> > >   from panicking when someone does "ls /dev" while running in a shell under the
> > >   linuxulator.
> > >   
> > >   This issue affects HEAD and RELENG_6 only.
> > >   
> > >   PR:             88249
> > >   Submitted by:   "Devon H. O'Dell" <dodell at ixsystems.com>
> > >   MFC after:      3 days
> > >   
> > >   Revision  Changes    Path
> > >   1.128     +24 -0     src/sys/fs/devfs/devfs_vnops.c
> > >   1.652     +4 -0      src/sys/kern/vfs_subr.c
> > 
> > Could this be MFC'ed to RELENG_6_0, too? I think its also a security
> > risk on shell servers, where linux emulation is installed and the server
> > runs 6.0-RELEASE.
> 
> How is it a security risk?  Because local users can panic the system
> or are there more significant risks?

Yes, my only concern is that local users could crash the box with a
one liner. It would also possible that remote users could do this via a
misconfigure web server. But that shouldn't be a problem here.

> Note: We do not issue Security Advisories for local DoS
> vulnerabilities, but it could be MFC'ed as an errata, but it requires
> that the change has been in RELENG_6 for a while before that can be
> done.

I wasn't aware about not issueing local DoS vulnerbilities. An errata
MFC whould also be sufficient. ;)

I think I'll update my boxes to RELENG_6, when the fix was MFC'ed.

best regards,

	Gordon

- -- 
Gordon Bergling <GBergling at 0xfce3.net>	      http://www.0xFCE3.net/
PGP Fingerprint:  7732 9BB1 5013 AE8B E42C  28E0 93B9 D32B C76F 02A0
RIPE-HDL: MDTP-RIPE			"There is no place like 127.0.0.0/8"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)

iD8DBQFDc14Mk7nTK8dvAqARAsYAAKDB6ZsHZRl3nc149QRggRzqHylYrACfZw0J
dt9pqg+JPVLPI/UsjJmtkUU=
=vgIo
-----END PGP SIGNATURE-----

More information about the cvs-src mailing list