Author: pjd
Date: Tue May 31 07:02:49 2011
New Revision: 222518
URL: http://svn.freebsd.org/changeset/base/222518
Log:
Imagine situation where a security problem is found in setuid binary.
User upgrades his system to fix the problem, but if he has any ZFS snapshots
for the file system which contains problematic binary, any user can mount the
snapshot and execute vulnerable binary.
Prevent this from happening by always mounting snapshots with setuid turned
off.
MFC after: 2 weeks
Modified:
head/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c
Modified: head/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c
==============================================================================
--- head/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c Tue May 31
05:00:45 2011 (r222517)
+++ head/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c Tue May 31
07:02:49 2011 (r222518)
@@ -172,6 +172,11 @@ mount_snapshot(kthread_t *td, vnode_t **
*/
mp->mnt_flag |= MNT_RDONLY;
/*
+ * We don't want snapshots to allow access to vulnerable setuid
+ * programs, so we turn off setuid when mounting snapshots.
+ */
+ mp->mnt_flag |= MNT_NOSUID;
+ /*
* We don't want snapshots to be visible in regular
* mount(8) and df(1) output.
*/
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "[email protected]"
