Date: Thu, 10 Nov 2005 15:49:51 +0100 From: Gordon Bergling <gbergling@0xfce3.net> To: "Simon L. Nielsen" <simon@FreeBSD.org> Cc: Doug White <dwhite@FreeBSD.org>, Gordon Bergling <gbergling@0xfce3.net>, src-committers@FreeBSD.org, cvs-all@FreeBSD.org, cvs-src@FreeBSD.org Subject: Re: cvs commit: src/sys/kern vfs_subr.c src/sys/fs/devfs devfs_vnops.c Message-ID: <20051110144951.GA888@node26.0xfce3.net> In-Reply-To: <20051110131624.GC32410@eddie.nitro.dk> References: <200511092203.jA9M3omu013054@repoman.freebsd.org> <20051110130406.GA832@node26.0xfce3.net> <20051110131624.GC32410@eddie.nitro.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 * Thus spake Simon L. Nielsen (simon@FreeBSD.org): > On 2005.11.10 14:04:06 +0100, Gordon Bergling wrote: > > * Thus spake Doug White (dwhite@FreeBSD.org): > > > dwhite 2005-11-09 22:03:50 UTC > > > > > > FreeBSD src repository > > > > > > Modified files: > > > sys/kern vfs_subr.c > > > sys/fs/devfs devfs_vnops.c > > > Log: > > > This is a workaround for a complicated issue involving VFS cookies and devfs. > > > The PR and patch have the details. The ultimate fix requires architectural > > > changes and clarifications to the VFS API, but this will prevent the system > > > from panicking when someone does "ls /dev" while running in a shell under the > > > linuxulator. > > > > > > This issue affects HEAD and RELENG_6 only. > > > > > > PR: 88249 > > > Submitted by: "Devon H. O'Dell" <dodell@ixsystems.com> > > > MFC after: 3 days > > > > > > Revision Changes Path > > > 1.128 +24 -0 src/sys/fs/devfs/devfs_vnops.c > > > 1.652 +4 -0 src/sys/kern/vfs_subr.c > > > > Could this be MFC'ed to RELENG_6_0, too? I think its also a security > > risk on shell servers, where linux emulation is installed and the server > > runs 6.0-RELEASE. > > How is it a security risk? Because local users can panic the system > or are there more significant risks? Yes, my only concern is that local users could crash the box with a one liner. It would also possible that remote users could do this via a misconfigure web server. But that shouldn't be a problem here. > Note: We do not issue Security Advisories for local DoS > vulnerabilities, but it could be MFC'ed as an errata, but it requires > that the change has been in RELENG_6 for a while before that can be > done. I wasn't aware about not issueing local DoS vulnerbilities. An errata MFC whould also be sufficient. ;) I think I'll update my boxes to RELENG_6, when the fix was MFC'ed. best regards, Gordon - -- Gordon Bergling <GBergling at 0xfce3.net> http://www.0xFCE3.net/ PGP Fingerprint: 7732 9BB1 5013 AE8B E42C 28E0 93B9 D32B C76F 02A0 RIPE-HDL: MDTP-RIPE "There is no place like 127.0.0.0/8" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFDc14Mk7nTK8dvAqARAsYAAKDB6ZsHZRl3nc149QRggRzqHylYrACfZw0J dt9pqg+JPVLPI/UsjJmtkUU= =vgIo -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051110144951.GA888>