ZFS bug - candidate for Security Advisory?
Michal
ml at infosec.pl
Tue Dec 15 07:43:39 UTC 2009
Hello,
On 10/11/2009 in "HEADS UP: Important bug fix in ZFS replay code!" post
on freebsd-fs PJD wrote:
"There was important bug in ZFS replay code. If there were setattr logs
(not related to permission change) in ZIL during unclean shutdown, one
can end up with files that have mode set to 07777.
This is very dangerous, especially if you have untrusted local users, as
this will set setuid bit on such files. Note that FreeBSD will remove
setuid bits when someone will try to modify the file, but it is still
dangerous."
It is not fixed in 8.0 as I got bitten by this bug just recently (and
other users report it on freebsd-fs). In my case it was about ten files
in /var/www, / and two users home directory.
Is it feasible to issue a SA and warn people? As far as I understand PJD
post it's got important security implications. I'm wondering how many
systems are sitting out there with bunch of 7777 files all over the
place because administrator/user is not following freebsd-fs.
Cheers, Michal
--
"There cannot be a crisis next week. My schedule is already full."
-Henry Kissinger
More information about the freebsd-security
mailing list