Fwd: Re: ZFS .zfs DoS
krichy at cflinux.hu
krichy at cflinux.hu
Tue Jan 21 15:58:03 UTC 2014
A new version of the ZFS/GFS patch, fixing possible leaks.
Please someone comment.
2014-01-20 20:21 időpontban krichy at cflinux.hu ezt írta:
> -------- Eredeti üzenet --------
> Tárgy: Re: ZFS .zfs DoS
> Dátum: 2014-01-20 16:30
> Feladó: krichy at cflinux.hu
> Címzett: Richard Kojedzinszky <krichy at cflinux.hu>
> Másolat: freebsd-fs at freebsd.org, freebsd-security at freebsd.org
>
> Dear users,
>
> I've worked out a patch for my known issues, please somebody test
> them, and give recommendations, fixes.
>
> Regards,
>
> 2014-01-17 03:11 időpontban Richard Kojedzinszky ezt írta:
>> Dear users,
>>
>> For a long time now I've been investigating problems relating FreeBSD
>> ZFS .zfs handling, and found that I am not enough to fix issues. Until
>> fixes arrive, unfortunately a regular user can DoS a FreeBSD system
>> which has ZFS filesystems with the attached script. While the script
>> expects a snapshot argument to be given, actually the first test case
>> does not need that, only a mounted zfs filesystem is enough. For more
>> of the tests a snapshot may be needed, and later ones need root
>> account also.
>>
>> I would recommend that until this gets rewritten or fixed at all, one
>> should disable access to .zfs at all with someting like I've attached.
>>
>> Regards,
>> Kojedzinszky Richard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gfs-4.patch
Type: text/x-diff
Size: 10845 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/zfs-devel/attachments/20140121/2c82d6e6/attachment.patch>
More information about the zfs-devel
mailing list