Date:      Tue, 14 Jun 2011 10:50:01 +0000 (UTC)
From:      Martin Matuska <mm@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
Subject:   svn commit: r223075 - in stable/8/sys/cddl: compat/opensolaris/kern contrib/opensolaris/uts/common/fs/zfs
Message-ID:  <201106141050.p5EAo19s031284@svn.freebsd.org>

Author: mm
Date: Tue Jun 14 10:50:01 2011
New Revision: 223075
URL: http://svn.freebsd.org/changeset/base/223075

Log:
  MFC 222343, 222518, 222835
  
  MFC r222343 (pjd):
  Silence warnings about unsupported value types.
  
  MFC r222518 (pjd):
  Imagine situation where a security problem is found in setuid binary.
  User upgrades his system to fix the problem, but if he has any
  ZFS snapshots for the file system which contains problematic binary,
  any user can mount the snapshot and execute vulnerable binary.
  
  Prevent this from happening by always mounting snapshots with
  setuid turned off.
  
  MFC r222835:
  Silence notice on pool creation, import and access.

Modified:
  stable/8/sys/cddl/compat/opensolaris/kern/opensolaris_sysevent.c
  stable/8/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c
  stable/8/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa_history.c
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/amd64/include/xen/   (props changed)
  stable/8/sys/cddl/contrib/opensolaris/   (props changed)
  stable/8/sys/contrib/dev/acpica/   (props changed)
  stable/8/sys/contrib/pf/   (props changed)

Modified: stable/8/sys/cddl/compat/opensolaris/kern/opensolaris_sysevent.c
==============================================================================
--- stable/8/sys/cddl/compat/opensolaris/kern/opensolaris_sysevent.c	Tue Jun 14 10:49:18 2011	(r223074)
+++ stable/8/sys/cddl/compat/opensolaris/kern/opensolaris_sysevent.c	Tue Jun 14 10:50:01 2011	(r223075)
@@ -113,8 +113,10 @@ sysevent_add_attr(sysevent_attr_list_t *
 		}
 		break;
 	default:
+#if 0
 		printf("%s: type %d is not implemented\n", __func__,
 		    se_value->value_type);
+#endif
 		break;
 	}
 
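Review bot: The `#if 0` around the `printf` in this `default:` branch disables the diagnostic without recording why, so a reader cannot tell whether unsupported value types are expected here or mark an unfinished path; the same applies to the `default:` branch in log_sysevent and to the `cmn_err` call in spa_history_log_version. A short comment such as `/* Unsupported types are ignored on purpose; the message was only noise. */` would record the intent. Writing the closing line as `#endif /* 0 */` would also help in spa_history.c, where it sits directly before another `#endif` whose opening is outside the hunk. All three functions start and end outside the hunks shown.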
@@ -286,8 +288,10 @@ log_sysevent(sysevent_t *evp, int flag, 
 			break;
 		    }
 		default:
+#if 0
 			printf("%s: type %d is not implemented\n", __func__,
 			    nvpair_type(elem));
+#endif
 			break;
 		}
 	}

Modified: stable/8/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c
==============================================================================
--- stable/8/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c	Tue Jun 14 10:49:18 2011	(r223074)
+++ stable/8/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c	Tue Jun 14 10:50:01 2011	(r223075)
@@ -172,6 +172,11 @@ mount_snapshot(kthread_t *td, vnode_t **
 	 */
 	mp->mnt_flag |= MNT_RDONLY;
 	/*
+	 * We don't want snapshots to allow access to vulnerable setuid
+	 * programs, so we turn off setuid when mounting snapshots.
+	 */
+	mp->mnt_flag |= MNT_NOSUID;
+	/*
 	 * We don't want snapshots to be visible in regular
 	 * mount(8) and df(1) output.
 	 */
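Review bot: The comment added above `mp->mnt_flag |= MNT_NOSUID;` gives the motive but not the guarantee a maintainer has to preserve, namely that nosuid is forced on every snapshot mount whatever the options of the live file system. Something like `Snapshots can keep setuid binaries that were since fixed on the live file system; always force nosuid, whatever the parent's mount options.` would make that explicit. The flag is set before the rest of mount_snapshot runs and that part lies outside the hunk, so it is not visible here whether a later step that applies mount options or dataset properties can clear it again; that seems worth confirming.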

Modified: stable/8/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa_history.c
==============================================================================
--- stable/8/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa_history.c	Tue Jun 14 10:49:18 2011	(r223074)
+++ stable/8/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa_history.c	Tue Jun 14 10:50:01 2011	(r223075)
@@ -500,9 +500,11 @@ spa_history_log_version(spa_t *spa, hist
 		    utsname.nodename, utsname.release, utsname.version,
 		    utsname.machine);
 	}
+#if 0
 	cmn_err(CE_CONT, "!%s version %llu pool %s using %llu",
 	    event == LOG_POOL_IMPORT ? "imported" :
 	    event == LOG_POOL_CREATE ? "created" : "accessed",
 	    (u_longlong_t)current_vers, spa_name(spa), SPA_VERSION);
 #endif
+#endif
 }


