From owner-freebsd-current@FreeBSD.ORG  Tue Nov 10 22:45:32 2009
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 09BE3106566B;
	Tue, 10 Nov 2009 22:45:32 +0000 (UTC)
	(envelope-from pjd@garage.freebsd.pl)
Received: from mail.garage.freebsd.pl (chello089077035009.chello.pl
	[89.77.35.9]) by mx1.freebsd.org (Postfix) with ESMTP id 657258FC16;
	Tue, 10 Nov 2009 22:45:30 +0000 (UTC)
Received: by mail.garage.freebsd.pl (Postfix, from userid 65534)
	id 40F0945E49; Tue, 10 Nov 2009 23:45:29 +0100 (CET)
Received: from localhost (chello089077035009.chello.pl [89.77.35.9])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.garage.freebsd.pl (Postfix) with ESMTP id 08C5E45CDC;
	Tue, 10 Nov 2009 23:45:23 +0100 (CET)
Date: Tue, 10 Nov 2009 23:45:24 +0100
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
To: freebsd-current@FreeBSD.org
Message-ID: <20091110224524.GC3194@garage.freebsd.pl>
References: <200911102227.nAAMRXTf073603@svn.freebsd.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="w7PDEPdKQumQfZlR"
Content-Disposition: inline
In-Reply-To: <200911102227.nAAMRXTf073603@svn.freebsd.org>
User-Agent: Mutt/1.4.2.3i
X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc
X-OS: FreeBSD 9.0-CURRENT i386
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on 
	mail.garage.freebsd.pl
X-Spam-Level: 
X-Spam-Status: No, score=-0.6 required=4.5 tests=BAYES_00,RCVD_IN_SORBS_DUL 
	autolearn=no version=3.0.4
Cc: freebsd-fs@FreeBSD.org
Subject: HEADS UP: Important bug fix in ZFS replay code!
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Nov 2009 22:45:32 -0000


--w7PDEPdKQumQfZlR
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi.

There was important bug in ZFS replay code. If there were setattr logs
(not related to permission change) in ZIL during unclean shutdown, one
can end up with files that have mode set to 07777.

This is very dangerous, especially if you have untrusted local users, as
this will set setuid bit on such files. Note that FreeBSD will remove
setuid bits when someone will try to modify the file, but it is still
dangerous.

You can locate such files with the following command:

	# find / -perm -7777 -print0 | xargs -0 ls -ld

You can locate and fix such files with the following command:

	# find / -perm -7777 -print0 | xargs -0 chmod a-s,o-w,-t

On Tue, Nov 10, 2009 at 10:27:33PM +0000, Pawel Jakub Dawidek wrote:
> Author: pjd
> Date: Tue Nov 10 22:27:33 2009
> New Revision: 199157
> URL: http://svn.freebsd.org/changeset/base/199157
>=20
> Log:
>   Be careful which vattr fields are set during setattr replay.
>   Without this fix strange things can appear after unclean shutdown like
>   files with mode set to 07777.
>  =20
>   Reported by:	des
>   MFC after:	3 days
>=20
> Modified:
>   head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c
>=20
> Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D
> --- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c	Tue =
Nov 10 22:25:46 2009	(r199156)
> +++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c	Tue =
Nov 10 22:27:33 2009	(r199157)
> @@ -60,10 +60,14 @@ zfs_init_vattr(vattr_t *vap, uint64_t ma
>  {
>  	VATTR_NULL(vap);
>  	vap->va_mask =3D (uint_t)mask;
> -	vap->va_type =3D IFTOVT(mode);
> -	vap->va_mode =3D mode & MODEMASK;
> -	vap->va_uid =3D (uid_t)(IS_EPHEMERAL(uid)) ? -1 : uid;
> -	vap->va_gid =3D (gid_t)(IS_EPHEMERAL(gid)) ? -1 : gid;
> +	if (mask & AT_TYPE)
> +		vap->va_type =3D IFTOVT(mode);
> +	if (mask & AT_MODE)
> +		vap->va_mode =3D mode & MODEMASK;
> +	if (mask & AT_UID)
> +		vap->va_uid =3D (uid_t)(IS_EPHEMERAL(uid)) ? -1 : uid;
> +	if (mask & AT_GID)
> +		vap->va_gid =3D (gid_t)(IS_EPHEMERAL(gid)) ? -1 : gid;
>  	vap->va_rdev =3D zfs_cmpldev(rdev);
>  	vap->va_nodeid =3D nodeid;
>  }

--=20
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!

--w7PDEPdKQumQfZlR
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)

iD8DBQFK+e0EForvXbEpPzQRAmJnAKDwdm/rs75bZuvUBuiCqRusQWaxAgCg0NWE
EJ16L2S+kqi3fsBxJPtIqNs=
=FH86
-----END PGP SIGNATURE-----

--w7PDEPdKQumQfZlR--