Date: Tue, 31 May 2011 07:02:49 +0000 (UTC) From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sys/cddl/compat/opensolaris/kern opensolaris_vfs.c Message-ID: <201105310703.p4V73DcX038474@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
pjd 2011-05-31 07:02:49 UTC
FreeBSD src repository
Modified files:
sys/cddl/compat/opensolaris/kern opensolaris_vfs.c
Log:
SVN rev 222518 on 2011-05-31 07:02:49Z by pjd
Imagine situation where a security problem is found in setuid binary.
User upgrades his system to fix the problem, but if he has any ZFS snapshots
for the file system which contains problematic binary, any user can mount the
snapshot and execute vulnerable binary.
Prevent this from happening by always mounting snapshots with setuid turned off.
MFC after: 2 weeks
Revision Changes Path
1.19 +5 -0 src/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201105310703.p4V73DcX038474>