From owner-svn-src-stable-8@FreeBSD.ORG Tue Jun 14 10:50:09 2011 Return-Path: Delivered-To: svn-src-stable-8@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 250EF106564A; Tue, 14 Jun 2011 10:50:09 +0000 (UTC) (envelope-from mm@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 0FF188FC1C; Tue, 14 Jun 2011 10:50:02 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id p5EAo1gh031287; Tue, 14 Jun 2011 10:50:01 GMT (envelope-from mm@svn.freebsd.org) Received: (from mm@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id p5EAo19s031284; Tue, 14 Jun 2011 10:50:01 GMT (envelope-from mm@svn.freebsd.org) Message-Id: <201106141050.p5EAo19s031284@svn.freebsd.org> From: Martin Matuska Date: Tue, 14 Jun 2011 10:50:01 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r223075 - in stable/8/sys/cddl: compat/opensolaris/kern contrib/opensolaris/uts/common/fs/zfs X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jun 2011 10:50:09 -0000 Author: mm Date: Tue Jun 14 10:50:01 2011 New Revision: 223075 URL: http://svn.freebsd.org/changeset/base/223075 Log: MFC 222343, 222518, 222835 MFC r222343 (pjd): Silence warnings about unsupoorted value types. MFC r222518 (pjd): Imagine situation where a security problem is found in setuid binary. User upgrades his system to fix the problem, but if he has any ZFS snapshots for the file system which contains problematic binary, any user can mount the snapshot and execute vulnerable binary. Prevent this from happening by always mounting snapshots with setuid turned off. MFC r222835: Silence notice on pool creation, import and access. Modified: stable/8/sys/cddl/compat/opensolaris/kern/opensolaris_sysevent.c stable/8/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c stable/8/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa_history.c Directory Properties: stable/8/sys/ (props changed) stable/8/sys/amd64/include/xen/ (props changed) stable/8/sys/cddl/contrib/opensolaris/ (props changed) stable/8/sys/contrib/dev/acpica/ (props changed) stable/8/sys/contrib/pf/ (props changed) Modified: stable/8/sys/cddl/compat/opensolaris/kern/opensolaris_sysevent.c ============================================================================== --- stable/8/sys/cddl/compat/opensolaris/kern/opensolaris_sysevent.c Tue Jun 14 10:49:18 2011 (r223074) +++ stable/8/sys/cddl/compat/opensolaris/kern/opensolaris_sysevent.c Tue Jun 14 10:50:01 2011 (r223075) @@ -113,8 +113,10 @@ sysevent_add_attr(sysevent_attr_list_t * } break; default: +#if 0 printf("%s: type %d is not implemented\n", __func__, se_value->value_type); +#endif break; } @@ -286,8 +288,10 @@ log_sysevent(sysevent_t *evp, int flag, break; } default: +#if 0 printf("%s: type %d is not implemented\n", __func__, nvpair_type(elem)); +#endif break; } } Modified: stable/8/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c ============================================================================== --- stable/8/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c Tue Jun 14 10:49:18 2011 (r223074) +++ stable/8/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c Tue Jun 14 10:50:01 2011 (r223075) @@ -172,6 +172,11 @@ mount_snapshot(kthread_t *td, vnode_t ** */ mp->mnt_flag |= MNT_RDONLY; /* + * We don't want snapshots to allow access to vulnerable setuid + * programs, so we turn off setuid when mounting snapshots. + */ + mp->mnt_flag |= MNT_NOSUID; + /* * We don't want snapshots to be visible in regular * mount(8) and df(1) output. */ Modified: stable/8/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa_history.c ============================================================================== --- stable/8/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa_history.c Tue Jun 14 10:49:18 2011 (r223074) +++ stable/8/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa_history.c Tue Jun 14 10:50:01 2011 (r223075) @@ -500,9 +500,11 @@ spa_history_log_version(spa_t *spa, hist utsname.nodename, utsname.release, utsname.version, utsname.machine); } +#if 0 cmn_err(CE_CONT, "!%s version %llu pool %s using %llu", event == LOG_POOL_IMPORT ? "imported" : event == LOG_POOL_CREATE ? "created" : "accessed", (u_longlong_t)current_vers, spa_name(spa), SPA_VERSION); #endif +#endif }