On 11/10/09 4:45 PM, Pawel Jakub Dawidek wrote: > Hi. > > There was important bug in ZFS replay code. If there were setattr logs > (not related to permission change) in ZIL during unclean shutdown, one > can end up with files that have mode set to 07777. > > This is very dangerous, especially if you have untrusted local users, as > this will set setuid bit on such files. Note that FreeBSD will remove > setuid bits when someone will try to modify the file, but it is still > dangerous. > > You can locate such files with the following command: > > # find / -perm -7777 -print0 | xargs -0 ls -ld > > You can locate and fix such files with the following command: > > # find / -perm -7777 -print0 | xargs -0 chmod a-s,o-w,-t I just noticed this fix didn't make it into 8.0, I just had an 8.0-RELEASE-p1 machine crash and come back with a bunch of 07777 files. Maybe this should be documented as an errata or security advisory. BarryReceived on Thu Dec 10 2009 - 17:27:31 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:59 UTC