From: Michal
Date: Tue, 15 Dec 2009 07:43:28 +0000
To: freebsd-security@freebsd.org
Subject: ZFS bug - candidate for Security Advisory?
Message-ID: <4B273E20.80101@infosec.pl>

Hello,

On 10/11/2009 in "HEADS UP: Important bug fix in ZFS replay code!" post on freebsd-fs PJD wrote:

"There was important bug in ZFS replay code. If there were setattr logs (not related to permission change) in ZIL during unclean shutdown, one can end up with files that have mode set to 07777. This is very dangerous, especially if you have untrusted local users, as this will set setuid bit on such files. Note that FreeBSD will remove setuid bits when someone will try to modify the file, but it is still dangerous."

It is not fixed in 8.0 as I got bitten by this bug just recently (and other users report it on freebsd-fs).
In my case it was about ten files in /var/www, / and two users' home directories.

Is it feasible to issue a SA and warn people? As far as I understand PJD's post, it's got important security implications. I'm wondering how many systems are sitting out there with a bunch of 7777 files all over the place because the administrator/user is not following freebsd-fs.

Cheers,
Michal

-- 
"There cannot be a crisis next week. My schedule is already full."
-Henry Kissinger
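
A way to check a system for the symptom described in this message, as an added example that is not part of the original post and is not FreeBSD project code: it walks a directory tree and lists files whose permission bits are exactly 07777, with their owners. The function names, the restriction to regular files and the choice to stay on one filesystem are assumptions of this example.

```python
#!/usr/bin/env python3
"""List regular files whose permission bits are exactly 07777."""
import os
import stat
import sys

SUSPECT_MODE = 0o7777  # setuid + setgid + sticky + rwx for user, group, other


def is_suspect(st_mode):
    """True for a regular file whose permission bits equal 07777.

    Limiting the check to regular files is an assumption of this example.
    """
    return stat.S_ISREG(st_mode) and stat.S_IMODE(st_mode) == SUSPECT_MODE


def scan(root):
    """Walk root without following symlinks or crossing mount points.

    Returns a sorted list of (path, uid, gid) for every suspect file.
    """
    root_dev = os.lstat(root).st_dev
    hits = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        # Prune directories that live on another filesystem (like find -xdev).
        kept = []
        for d in dirnames:
            try:
                if os.lstat(os.path.join(dirpath, d)).st_dev == root_dev:
                    kept.append(d)
            except OSError:
                pass  # directory vanished or is unreadable; do not descend
        dirnames[:] = kept
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never judge a symlink's target
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if is_suspect(st.st_mode):
                hits.append((path, st.st_uid, st.st_gid))
    return sorted(hits)


if __name__ == "__main__":
    for path, uid, gid in scan(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(f"{path}\tuid={uid}\tgid={gid}")
```

Run it once per filesystem (for example once for / and once for each separately mounted dataset), and review the owner column before resetting modes, since the setuid bit takes effect as the file's owner.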