Date: Tue, 31 May 2011 07:02:49 +0000 (UTC) From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r222518 - head/sys/cddl/compat/opensolaris/kern Message-ID: <201105310702.p4V72n5H011816@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: pjd Date: Tue May 31 07:02:49 2011 New Revision: 222518 URL: http://svn.freebsd.org/changeset/base/222518 Log: Imagine situation where a security problem is found in setuid binary. User upgrades his system to fix the problem, but if he has any ZFS snapshots for the file system which contains problematic binary, any user can mount the snapshot and execute vulnerable binary. Prevent this from happening by always mounting snapshots with setuid turned off. MFC after: 2 weeks Modified: head/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c Modified: head/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c ============================================================================== --- head/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c Tue May 31 05:00:45 2011 (r222517) +++ head/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c Tue May 31 07:02:49 2011 (r222518) @@ -172,6 +172,11 @@ mount_snapshot(kthread_t *td, vnode_t ** */ mp->mnt_flag |= MNT_RDONLY; /* + * We don't want snapshots to allow access to vulnerable setuid + * programs, so we turn off setuid when mounting snapshots. + */ + mp->mnt_flag |= MNT_NOSUID; + /* * We don't want snapshots to be visible in regular * mount(8) and df(1) output. */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201105310702.p4V72n5H011816>