From owner-cvs-src@FreeBSD.ORG  Thu Nov 10 14:50:05 2005
Return-Path: <owner-cvs-src@FreeBSD.ORG>
X-Original-To: cvs-src@FreeBSD.org
Delivered-To: cvs-src@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id AE93316A41F;
	Thu, 10 Nov 2005 14:50:05 +0000 (GMT)
	(envelope-from gbergling@0xfce3.net)
Received: from einhorn.in-berlin.de (einhorn.in-berlin.de [192.109.42.8])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D5A1743D45;
	Thu, 10 Nov 2005 14:50:04 +0000 (GMT)
	(envelope-from gbergling@0xfce3.net)
X-Envelope-From: gbergling@0xfce3.net
Received: from node26.0xfce3.net (port-212-202-34-7.dynamic.qsc.de
	[212.202.34.7]) (authenticated bits=128)
	by einhorn.in-berlin.de (8.12.10/8.12.10/Debian-4) with ESMTP id
	jAAEntU4014364
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
	Thu, 10 Nov 2005 15:49:58 +0100
Received: from node26.0xfce3.net (localhost [127.0.0.1])
	by node26.0xfce3.net (8.13.4/8.13.4) with ESMTP id jAAEnr7V000975;
	Thu, 10 Nov 2005 15:49:53 +0100 (CET)
	(envelope-from gbergling@0xfce3.net)
Received: (from gordon@localhost)
	by node26.0xfce3.net (8.13.4/8.13.4/Submit) id jAAEnqhN000974;
	Thu, 10 Nov 2005 15:49:52 +0100 (CET)
	(envelope-from gbergling@0xfce3.net)
X-Authentication-Warning: node26.0xfce3.net: gordon set sender to
	gbergling@0xfce3.net using -f
Date: Thu, 10 Nov 2005 15:49:51 +0100
From: Gordon Bergling <gbergling@0xfce3.net>
To: "Simon L. Nielsen" <simon@FreeBSD.org>
Message-ID: <20051110144951.GA888@node26.0xfce3.net>
References: <200511092203.jA9M3omu013054@repoman.freebsd.org>
	<20051110130406.GA832@node26.0xfce3.net>
	<20051110131624.GC32410@eddie.nitro.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; x-action=pgp-signed
Content-Disposition: inline
In-Reply-To: <20051110131624.GC32410@eddie.nitro.dk>
X-Url: <http://www.0xfce3.net/>
X-Operating-System: FreeBSD 6.0-RELEASE i386
X-Host-Uptime: 3:44PM  up 9 mins, 2 users, load averages: 0.49, 0.35, 0.19
User-Agent: Mutt/1.5.11
X-Spam-Score: (0.485) AWL,BAYES_05,FORGED_RCVD_HELO,HELO_DYNAMIC_DHCP
X-Scanned-By: MIMEDefang_at_IN-Berlin_e.V. on 192.109.42.8
Cc: Doug White <dwhite@FreeBSD.org>, Gordon Bergling <gbergling@0xfce3.net>,
	src-committers@FreeBSD.org, cvs-all@FreeBSD.org, cvs-src@FreeBSD.org
Subject: Re: cvs commit: src/sys/kern vfs_subr.c src/sys/fs/devfs
	devfs_vnops.c
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Nov 2005 14:50:06 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

* Thus spake Simon L. Nielsen (simon@FreeBSD.org):
> On 2005.11.10 14:04:06 +0100, Gordon Bergling wrote:
> > * Thus spake Doug White (dwhite@FreeBSD.org):
> > > dwhite      2005-11-09 22:03:50 UTC
> > > 
> > >   FreeBSD src repository
> > > 
> > >   Modified files:
> > >     sys/kern             vfs_subr.c 
> > >     sys/fs/devfs         devfs_vnops.c 
> > >   Log:
> > >   This is a workaround for a complicated issue involving VFS cookies and devfs.
> > >   The PR and patch have the details. The ultimate fix requires architectural
> > >   changes and clarifications to the VFS API, but this will prevent the system
> > >   from panicking when someone does "ls /dev" while running in a shell under the
> > >   linuxulator.
> > >   
> > >   This issue affects HEAD and RELENG_6 only.
> > >   
> > >   PR:             88249
> > >   Submitted by:   "Devon H. O'Dell" <dodell@ixsystems.com>
> > >   MFC after:      3 days
> > >   
> > >   Revision  Changes    Path
> > >   1.128     +24 -0     src/sys/fs/devfs/devfs_vnops.c
> > >   1.652     +4 -0      src/sys/kern/vfs_subr.c
> > 
> > Could this be MFC'ed to RELENG_6_0, too? I think its also a security
> > risk on shell servers, where linux emulation is installed and the server
> > runs 6.0-RELEASE.
> 
> How is it a security risk?  Because local users can panic the system
> or are there more significant risks?

Yes, my only concern is that local users could crash the box with a
one liner. It would also possible that remote users could do this via a
misconfigure web server. But that shouldn't be a problem here.

> Note: We do not issue Security Advisories for local DoS
> vulnerabilities, but it could be MFC'ed as an errata, but it requires
> that the change has been in RELENG_6 for a while before that can be
> done.

I wasn't aware about not issueing local DoS vulnerbilities. An errata
MFC whould also be sufficient. ;)

I think I'll update my boxes to RELENG_6, when the fix was MFC'ed.

best regards,

	Gordon

- -- 
Gordon Bergling <GBergling at 0xfce3.net>	      http://www.0xFCE3.net/
PGP Fingerprint:  7732 9BB1 5013 AE8B E42C  28E0 93B9 D32B C76F 02A0
RIPE-HDL: MDTP-RIPE			"There is no place like 127.0.0.0/8"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)

iD8DBQFDc14Mk7nTK8dvAqARAsYAAKDB6ZsHZRl3nc149QRggRzqHylYrACfZw0J
dt9pqg+JPVLPI/UsjJmtkUU=
=vgIo
-----END PGP SIGNATURE-----