lib/43109: rump_ffs does not enforce permissions

To: lib-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: lib/43109: rump_ffs does not enforce permissions
From: jld%panix.com@localhost
Date: Sun, 4 Apr 2010 00:15:00 +0000 (UTC)

>Number:         43109
>Category:       lib
>Synopsis:       rump_ffs does not enforce permissions
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Apr 04 00:15:00 +0000 2010
>Originator:     Jed Davis
>Release:        NetBSD 5.0_STABLE
>Organization:
>Environment:
System: NetBSD planetarium.xlerb.net 5.0_STABLE NetBSD 5.0_STABLE (PLANETAR64) 
#0: Sat Jan 30 14:45:38 EST 2010 
jld%planetarium.xlerb.net@localhost:/bag/srcs/netbsd-5/sys/arch/amd64/compile/PLANETAR64
 amd64
Architecture: x86_64
Machine: amd64
>Description:

rump_ffs -- and probably all the other p2k filesystems -- does not
enforce filesystem permissions.  While the man page does indicate that 
"[i]t is currently considered experimental", it also states that "[a]part
from a minor speed penalty ... there is no difference to using in-kernel
code", and a lack of permissions is a definite difference.

>How-To-Repeat:

newfs -F -s 1M img
mkdir mnt
rump_ffs img mnt
sudo -u nobody -s
cd mnt
cp /bin/sh ./
chown root sh
chmod 4755 sh
./sh
whoami

>Fix:
No idea.

Prev by Date: Re: kern/39904
Next by Date: kern/43110: "modload null" but "modunload nullfs"?
Previous by Thread: Re: kern/42550 (possible year2038 problem in MI todr(9))
Next by Thread: kern/43110: "modload null" but "modunload nullfs"?
Indexes:

Home | Main Index | Thread Index | Old Index