From owner-freebsd-security@FreeBSD.ORG Fri Dec 25 12:23:52 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6458F1065672 for ; Fri, 25 Dec 2009 12:23:52 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [65.122.17.42]) by mx1.freebsd.org (Postfix) with ESMTP id 2F7E28FC0A for ; Fri, 25 Dec 2009 12:23:52 +0000 (UTC) Received: from fledge.watson.org (fledge.watson.org [65.122.17.41]) by cyrus.watson.org (Postfix) with ESMTPS id C36B146B09; Fri, 25 Dec 2009 07:23:51 -0500 (EST) Date: Fri, 25 Dec 2009 12:23:51 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Michal In-Reply-To: <4B273E20.80101@infosec.pl> Message-ID: References: <4B273E20.80101@infosec.pl> User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-security@freebsd.org Subject: Re: ZFS bug - candidate for Security Advisory? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Dec 2009 12:23:52 -0000 On Tue, 15 Dec 2009, Michal wrote: > On 10/11/2009 in "HEADS UP: Important bug fix in ZFS replay code!" post on > freebsd-fs PJD wrote: "There was important bug in ZFS replay code. If there > were setattr logs (not related to permission change) in ZIL during unclean > shutdown, one can end up with files that have mode set to 07777. This is > very dangerous, especially if you have untrusted local users, as this will > set setuid bit on such files. Note that FreeBSD will remove setuid bits when > someone will try to modify the file, but it is still dangerous." Hi Michal-- The fix didn't make 8.0 due to timing, but has been in the queue for the forthcoming first errata notice for 8.0. After a bit of discussion over the last few days, I believe we have decided to upgrade it to a security advisory, which should go out between Christmas and New Years (with any luck). It is an important fix, and making it a security advisory instead of just part of the errata set will give it more exposure to ensure users install it. Making it an advisory will also allow it to float free of the errata set in case that's delayed further for some reason (there are about 4-6 fixes in the set and we plan to do them as a single notice fairly soon). So look for something soon in this department. Thanks for the e-mail, Robert N M Watson Computer Laboratory University of Cambridge > > It is not fixed in 8.0 as I got bitten by this bug just recently (and other > users report it on freebsd-fs). In my case it was about ten files in > /var/www, / and two users home directory. > Is it feasible to issue a SA and warn people? As far as I understand PJD post > it's got important security implications. I'm wondering how many systems are > sitting out there with bunch of 7777 files all over the place because > administrator/user is not following freebsd-fs. > > Cheers, Michal > -- > "There cannot be a crisis next week. My schedule is already full." -Henry > Kissinger > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" >