Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 10 Nov 2005 14:16:25 +0100
From:      "Simon L. Nielsen" <simon@FreeBSD.org>
To:        Gordon Bergling <gbergling@0xfce3.net>
Cc:        Doug White <dwhite@FreeBSD.org>, cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sys/kern vfs_subr.c src/sys/fs/devfs devfs_vnops.c
Message-ID:  <20051110131624.GC32410@eddie.nitro.dk>
In-Reply-To: <20051110130406.GA832@node26.0xfce3.net>
References:  <200511092203.jA9M3omu013054@repoman.freebsd.org> <20051110130406.GA832@node26.0xfce3.net>

next in thread | previous in thread | raw e-mail | index | archive | help

--Y7xTucakfITjPcLV
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 2005.11.10 14:04:06 +0100, Gordon Bergling wrote:
> Hi,
>=20
> * Thus spake Doug White (dwhite@FreeBSD.org):
> > dwhite      2005-11-09 22:03:50 UTC
> >=20
> >   FreeBSD src repository
> >=20
> >   Modified files:
> >     sys/kern             vfs_subr.c=20
> >     sys/fs/devfs         devfs_vnops.c=20
> >   Log:
> >   This is a workaround for a complicated issue involving VFS cookies an=
d devfs.
> >   The PR and patch have the details. The ultimate fix requires architec=
tural
> >   changes and clarifications to the VFS API, but this will prevent the =
system
> >   from panicking when someone does "ls /dev" while running in a shell u=
nder the
> >   linuxulator.
> >  =20
> >   This issue affects HEAD and RELENG_6 only.
> >  =20
> >   PR:             88249
> >   Submitted by:   "Devon H. O'Dell" <dodell@ixsystems.com>
> >   MFC after:      3 days
> >  =20
> >   Revision  Changes    Path
> >   1.128     +24 -0     src/sys/fs/devfs/devfs_vnops.c
> >   1.652     +4 -0      src/sys/kern/vfs_subr.c
>=20
> Could this be MFC'ed to RELENG_6_0, too? I think its also a security
> risk on shell servers, where linux emulation is installed and the server
> runs 6.0-RELEASE.

How is it a security risk?  Because local users can panic the system
or are there more significant risks?

Note: We do not issue Security Advisories for local DoS
vulnerabilities, but it could be MFC'ed as an errata, but it requires
that the change has been in RELENG_6 for a while before that can be
done.

--=20
Simon L. Nielsen

--Y7xTucakfITjPcLV
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)

iD8DBQFDc0goh9pcDSc1mlERAvmiAKCD0al5SdB7yXJXWquVhvZEM+O3QwCfdRxv
dX4Es9Lh8HxlruL9gLOJNDA=
=iT6t
-----END PGP SIGNATURE-----

--Y7xTucakfITjPcLV--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051110131624.GC32410>