From owner-freebsd-security Thu Mar 6 23:19:39 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id XAA21732 for security-outgoing; Thu, 6 Mar 1997 23:19:39 -0800 (PST) Received: from big-O.math.psu.edu (nbppp33.cac.psu.edu [128.118.140.33]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id XAA21721; Thu, 6 Mar 1997 23:19:27 -0800 (PST) Received: (from tenser@localhost) by big-O.math.psu.edu (8.8.5/8.8.5) id CAA02781; Fri, 7 Mar 1997 02:13:57 -0500 (EST) Date: Fri, 7 Mar 1997 02:13:57 -0500 (EST) From: Dan Cross Message-Id: <199703070713.CAA02781@big-O.math.psu.edu> To: FreeBSD-gnats-submit@freebsd.org, security@freebsd.org Subject: Workaround for NFS filehandle bug. Reply-To: tenser@big-O.math.psu.edu X-send-pr-version: 3.2 Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk >Submitter-Id: current-users >Originator: Dan Cross >Organization: Penn State University >Confidential: no >Synopsis: Fix for the NFS filehandle bug. >Severity: critical >Priority: high >Category: kern >Release: FreeBSD 3.0-CURRENT i386 >Class: change-request >Environment: This is from 3.0-current, kernel cvsup'ed as of today. >Description: Workaround for the NFS filehandle thingy. A better solution which really randomizes the filehandles would be better. :-) Then again, I shouldn't talk, since I'm not really all that familiar with the NFS implementation... This is basically what was in the advisory, but in diff format. >How-To-Repeat: See the BoS posting. >Fix: *** vfs_vnops.c 1997/02/22 09:39:36 1.30 --- vfs_vnops.c 1997/03/07 07:07:16 *************** *** 411,417 **** sb->st_ctimespec = vap->va_ctime; sb->st_blksize = vap->va_blocksize; sb->st_flags = vap->va_flags; ! sb->st_gen = vap->va_gen; #if (S_BLKSIZE == 512) /* Optimize this case */ sb->st_blocks = vap->va_bytes >> 9; --- 411,420 ---- sb->st_ctimespec = vap->va_ctime; sb->st_blksize = vap->va_blocksize; sb->st_flags = vap->va_flags; ! if (suser(p->p_ucred, &p->p_acflag)) ! sb->st_gen = 0; ! else ! sb->st_gen = vap->va_gen; #if (S_BLKSIZE == 512) /* Optimize this case */ sb->st_blocks = vap->va_bytes >> 9;