ZFS .zfs DoS
krichy at cflinux.hu
krichy at cflinux.hu
Mon Jan 20 15:30:38 UTC 2014
Dear users,
I've worked out a patch for my known issues, please somebody test them,
and give recommendations, fixes.
Regards,
2014-01-17 03:11 időpontban Richard Kojedzinszky ezt írta:
> Dear users,
>
> For a long time now I've been investigating problems relating FreeBSD
> ZFS .zfs handling, and found that I am not enough to fix issues. Until
> fixes arrive, unfortunately a regular user can DoS a FreeBSD system
> which has ZFS filesystems with the attached script. While the script
> expects a snapshot argument to be given, actually the first test case
> does not need that, only a mounted zfs filesystem is enough. For more
> of the tests a snapshot may be needed, and later ones need root
> account also.
>
> I would recommend that until this gets rewritten or fixed at all, one
> should disable access to .zfs at all with someting like I've attached.
>
> Regards,
> Kojedzinszky Richard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gfs-4.patch
Type: text/x-diff
Size: 11842 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20140120/916ae9ee/attachment.patch>
More information about the freebsd-security
mailing list