Your message dated Sat, 05 Sep 2009 16:17:08 +0000
with message-id <[email protected]>
and subject line Bug#408042: fixed in aoetools 30-2
has caused the Debian Bug report #408042,
regarding possible security problems while loading aoe module
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
408042: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=408042
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: aoetools
Version: 11-1.2
Severity: Important
Hi,
The way the aoe module is loaded looks wrong. The init script reads the
list of interfaces where to look for aoe devices from
/etc/default/aoetools but it is not passed to the module (the aoe_iflist
parameter). The aoe-discover uses this list though, which might someone
think that it behave correctly.
I think that this is an important bug because it has security
implications. This module parameter controls which interfaces are
considered for aoe traffic and I guess that that traffic would go below
a typical layer 3 firewall. So without restricting the interfaces, one
might spoof the whole thing despite admins taking the precaution to
install a seperate physical interface.
So, my fix would be:
* if INTERFACES=="none" do not load the module at all
* if INTERFACES=="all" load the module without aoe_iflist
* otherwise, marshall the list into aoe_iflist
Also, rmmod the module at shutdown might be good. That might limitate
the number of broken thing happening when a filesystem is not mounted
the right way (no _netdev). Which a sync on every device reported by
aoe-stat just before a call to rmmod will not prevent the filesystem
from being reported dirty, but at least it would have less things lost
to the cache.
thanks
jacques
PS: I agree that adding an option in modprobe.d for the aoe module would
lead to the right behavior. I just think that having twice the same list
in 2 different files is a source of issues, in addition, the call to
aoe-stat kinda hides the problem.
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: aoetools
Source-Version: 30-2
We believe that the bug you reported is fixed in the latest version of
aoetools, which is due to be installed in the Debian FTP archive:
aoetools_30-2.diff.gz
to pool/main/a/aoetools/aoetools_30-2.diff.gz
aoetools_30-2.dsc
to pool/main/a/aoetools/aoetools_30-2.dsc
aoetools_30-2_amd64.deb
to pool/main/a/aoetools/aoetools_30-2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
David Martínez Moreno <[email protected]> (supplier of updated aoetools package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 05 Sep 2009 18:12:34 +0200
Source: aoetools
Binary: aoetools
Architecture: source amd64
Version: 30-2
Distribution: unstable
Urgency: low
Maintainer: David Martínez Moreno <[email protected]>
Changed-By: David Martínez Moreno <[email protected]>
Description:
aoetools - tools to assist in using ATA over Ethernet
Closes: 408042 492905
Changes:
aoetools (30-2) unstable; urgency=low
.
* When loading the kernel module, marshal into the module the list of
interfaces that we want to run AoE over. This fixes an obscure security
problem where AoE traffic could go over a different interface than the
one specified by the administrator (closes: #408042). Thanks, Jacques
Normand for the explanation and Juan Céspedes for the patch.
* debian/rules: Rewrote some part in order to be more verbose and solve
the case when no volume is mounted. Thanks, Ferenc Wagner (closes:
#492905).
Checksums-Sha1:
6d543502e2f8dd7bfb66781f2d3d057b83840e86 973 aoetools_30-2.dsc
9831041def0fbd9d5b62c35a9ccaaa8d377a4c1c 6921 aoetools_30-2.diff.gz
abfd7755113d48298d65f82701dad8237bffabdc 34828 aoetools_30-2_amd64.deb
Checksums-Sha256:
8363b1353b206ac8bf7952d0387e847b701d6e74ebcb076d88bf4d5345ef88ef 973
aoetools_30-2.dsc
0a6d941213f686cb149cdb9756f97bdc0f19bc022af1b3e02faee7cad49cfaf5 6921
aoetools_30-2.diff.gz
2b8001fb69f2006d314c08b7683a716ab032a64e31ad901f2c50953209c588ac 34828
aoetools_30-2_amd64.deb
Files:
bd9efc6922d1f07c77bf6873ec462366 973 admin optional aoetools_30-2.dsc
8a912bd62345c164ef41d7d0621c4b89 6921 admin optional aoetools_30-2.diff.gz
7f52fac8933af323c329646f6b663136 34828 admin optional aoetools_30-2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkqijkgACgkQWs/EhA1iABur9gCgi3KUTyCtx/bVZ5yESB7xeSjm
qLMAoKoSxhlpv7zBfPs2u6LGAbuWGS/1
=Dj8a
-----END PGP SIGNATURE-----
--- End Message ---
