diff options
Diffstat (limited to 'recipes-extended/glusterfs/files/0002-posix-disable-open-read-write-on-special-files.patch')
-rw-r--r-- | recipes-extended/glusterfs/files/0002-posix-disable-open-read-write-on-special-files.patch | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/recipes-extended/glusterfs/files/0002-posix-disable-open-read-write-on-special-files.patch b/recipes-extended/glusterfs/files/0002-posix-disable-open-read-write-on-special-files.patch new file mode 100644 index 0000000..06cd06c --- /dev/null +++ b/recipes-extended/glusterfs/files/0002-posix-disable-open-read-write-on-special-files.patch | |||
@@ -0,0 +1,93 @@ | |||
1 | From 08dc006aac79ee1d1f6a5b7044fc973df7f00ed6 Mon Sep 17 00:00:00 2001 | ||
2 | From: Chen Qi <Qi.Chen@windriver.com> | ||
3 | Date: Tue, 25 Sep 2018 14:02:01 +0800 | ||
4 | Subject: [PATCH 2/7] posix: disable open/read/write on special files | ||
5 | |||
6 | In the file system, the responsibility w.r.to the block and char device | ||
7 | files is related to only support for 'creating' them (using mknod(2)). | ||
8 | |||
9 | Once the device files are created, the read/write syscalls for the specific | ||
10 | devices are handled by the device driver registered for the specific major | ||
11 | number, and depending on the minor number, it knows where to read from. | ||
12 | Hence, we are at risk of reading contents from devices which are handled | ||
13 | by the host kernel on server nodes. | ||
14 | |||
15 | By disabling open/read/write on the device file, we would be safe with | ||
16 | the bypass one can achieve from client side (using gfapi) | ||
17 | |||
18 | Fixes: bz#1625096 | ||
19 | |||
20 | Change-Id: I48c776b0af1cbd2a5240862826d3d8918601e47f | ||
21 | Signed-off-by: Amar Tumballi <amarts@redhat.com> | ||
22 | |||
23 | Upstream-Status: Backport | ||
24 | |||
25 | Fix CVE-2018-10923 | ||
26 | Modified to suite the old version of glusterfs. | ||
27 | |||
28 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
29 | --- | ||
30 | xlators/storage/posix/src/posix.c | 33 +++++++++++++++++++++++++++++++++ | ||
31 | 1 file changed, 33 insertions(+) | ||
32 | |||
33 | diff --git a/xlators/storage/posix/src/posix.c b/xlators/storage/posix/src/posix.c | ||
34 | index b1a529b..506ae91 100644 | ||
35 | --- a/xlators/storage/posix/src/posix.c | ||
36 | +++ b/xlators/storage/posix/src/posix.c | ||
37 | @@ -3091,6 +3091,17 @@ posix_open (call_frame_t *frame, xlator_t *this, | ||
38 | priv = this->private; | ||
39 | VALIDATE_OR_GOTO (priv, out); | ||
40 | |||
41 | + if (loc->inode && | ||
42 | + ((loc->inode->ia_type == IA_IFBLK) || | ||
43 | + (loc->inode->ia_type == IA_IFCHR))) { | ||
44 | + gf_msg (this->name, GF_LOG_ERROR, EINVAL, | ||
45 | + P_MSG_INVALID_ARGUMENT, | ||
46 | + "open received on a block/char file (%s)", | ||
47 | + uuid_utoa (loc->inode->gfid)); | ||
48 | + op_errno = EINVAL; | ||
49 | + goto out; | ||
50 | + } | ||
51 | + | ||
52 | MAKE_INODE_HANDLE (real_path, this, loc, &stbuf); | ||
53 | if (!real_path) { | ||
54 | op_ret = -1; | ||
55 | @@ -3180,6 +3191,17 @@ posix_readv (call_frame_t *frame, xlator_t *this, | ||
56 | priv = this->private; | ||
57 | VALIDATE_OR_GOTO (priv, out); | ||
58 | |||
59 | + if (fd->inode && | ||
60 | + ((fd->inode->ia_type == IA_IFBLK) || | ||
61 | + (fd->inode->ia_type == IA_IFCHR))) { | ||
62 | + gf_msg (this->name, GF_LOG_ERROR, EINVAL, | ||
63 | + P_MSG_INVALID_ARGUMENT, | ||
64 | + "readv received on a block/char file (%s)", | ||
65 | + uuid_utoa (fd->inode->gfid)); | ||
66 | + op_errno = EINVAL; | ||
67 | + goto out; | ||
68 | + } | ||
69 | + | ||
70 | ret = posix_fd_ctx_get (fd, this, &pfd, &op_errno); | ||
71 | if (ret < 0) { | ||
72 | gf_msg (this->name, GF_LOG_WARNING, op_errno, P_MSG_PFD_NULL, | ||
73 | @@ -3415,6 +3437,17 @@ posix_writev (call_frame_t *frame, xlator_t *this, fd_t *fd, | ||
74 | |||
75 | VALIDATE_OR_GOTO (priv, out); | ||
76 | |||
77 | + if (fd->inode && | ||
78 | + ((fd->inode->ia_type == IA_IFBLK) || | ||
79 | + (fd->inode->ia_type == IA_IFCHR))) { | ||
80 | + gf_msg (this->name, GF_LOG_ERROR, EINVAL, | ||
81 | + P_MSG_INVALID_ARGUMENT, | ||
82 | + "writev received on a block/char file (%s)", | ||
83 | + uuid_utoa (fd->inode->gfid)); | ||
84 | + op_errno = EINVAL; | ||
85 | + goto out; | ||
86 | + } | ||
87 | + | ||
88 | ret = posix_fd_ctx_get (fd, this, &pfd, &op_errno); | ||
89 | if (ret < 0) { | ||
90 | gf_msg (this->name, GF_LOG_WARNING, ret, P_MSG_PFD_NULL, | ||
91 | -- | ||
92 | 2.7.4 | ||
93 | |||