Date: Thu, 10 Dec 2009 12:12:14 -0600 From: Barry Pederson <bp@barryp.org> To: Pawel Jakub Dawidek <pjd@FreeBSD.org> Cc: freebsd-fs@FreeBSD.org, freebsd-current@FreeBSD.org Subject: Re: HEADS UP: Important bug fix in ZFS replay code! Message-ID: <4B2139FE.8020200@barryp.org> In-Reply-To: <20091110224524.GC3194@garage.freebsd.pl> References: <200911102227.nAAMRXTf073603@svn.freebsd.org> <20091110224524.GC3194@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On 11/10/09 4:45 PM, Pawel Jakub Dawidek wrote: > Hi. > > There was important bug in ZFS replay code. If there were setattr logs > (not related to permission change) in ZIL during unclean shutdown, one > can end up with files that have mode set to 07777. > > This is very dangerous, especially if you have untrusted local users, as > this will set setuid bit on such files. Note that FreeBSD will remove > setuid bits when someone will try to modify the file, but it is still > dangerous. > > You can locate such files with the following command: > > # find / -perm -7777 -print0 | xargs -0 ls -ld > > You can locate and fix such files with the following command: > > # find / -perm -7777 -print0 | xargs -0 chmod a-s,o-w,-t I just noticed this fix didn't make it into 8.0, I just had an 8.0-RELEASE-p1 machine crash and come back with a bunch of 07777 files. Maybe this should be documented as an errata or security advisory. Barry
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B2139FE.8020200>