From owner-announce-jp@jp.FreeBSD.org Fri Aug  9 14:15:23 2002
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) id g795FNw45118;
	Fri, 9 Aug 2002 14:15:23 +0900 (JST)
	(envelope-from owner-announce-jp@jp.FreeBSD.org)
Message-Id: <20020809.135057.18305793.hrs@eos.ocn.ne.jp>
To: announce-jp@jp.FreeBSD.org
From: Hiroki Sato <hrs@eos.ocn.ne.jp>
In-Reply-To: <200208052348.g75NmbIS097274@freefall.freebsd.org>
References: <200208052348.g75NmbIS097274@freefall.freebsd.org>
X-Mailer: Mew version 2.2 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
X-ML-maintainer: owner-announce-jp@jp.FreeBSD.org
Precedence: list
Date: Fri, 09 Aug 2002 13:50:57 +0900
X-Sequence: announce-jp 1031
Subject: Re: ANNOUNCE: FreeBSD Security Advisory FreeBSD-SA-02:35.ffs
Errors-To: owner-announce-jp@jp.FreeBSD.org
Sender: owner-announce-jp@jp.FreeBSD.org
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+020808


FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG(B
=============================================================================
FreeBSD-SA-02:35.ffs (2002-08-05)
 * local users may read and write arbitrary blocks on an FFS filesystem
=============================================================================

 $B$3$N%a!<%k$O(B, announce-jp $B$KN.$l$?(B

  Subject: ANNOUNCE: FreeBSD Security Advisory FreeBSD-SA-02:35.ffs
  From: FreeBSD Security Advisories <security-advisories@FreeBSD.org>
  Date: Mon, 5 Aug 2002 16:48:37 -0700 (PDT)
  Message-Id: <200208052348.g75NmbIS097274@freefall.freebsd.org>
  X-Sequence: announce-jp 1027

 $B$rF|K\8lLu$7$?$b$N$G$9!#(B

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,!"$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s!#(B
 $B=$@5%Q%C%AEy$NFbMF$,2~$6$s$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B=pL>$N(B
 $B%A%'%C%/$r9T$J$&$K$O!"86J8$r;2>H$7$F$/$@$5$$!#(B

 $BF|K\8lLu$*$h$S%_%i!<%5%$%HMxMQ$N>\:Y$K$D$$$F$O!"J8Kv$N!V(BA. FreeBSD
 $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F!W$r$4Mw$/$@$5$$!#(B


                                     [$BK]Lu<T(B: $B:4F#(B $B9-@8(B <hrs@jp.FreeBSD.org>]
--($B$3$3$+$i(B)

=============================================================================
FreeBSD-SA-02:35.ffs                                        Security Advisory
                                                          The FreeBSD Project

$B%H%T%C%/(B:       $B%m!<%+%k%f!<%6$,(B FFS $B%U%!%$%k%7%9%F%`>e$NG$0U$N%V%m%C%/$r(B
                $BFI$_=q$-$G$-$kLdBj(B
                (local users may read and write arbitrary blocks on
                an FFS filesystem)

$BJ,N`(B:           core
$B%b%8%e!<%k(B:     kernel
$B9pCNF|(B:         2002-08-05
$B%/%l%8%C%H(B:     Matt Dillon <dillon@FreeBSD.org>,
                Ian Dowse <iedowse@FreeBSD.org>,
                Tor Egge <tegge@FreeBSD.org>
$B1F6AHO0O(B:       4.6.1-RELEASE-p4 $B$r4^$`!"$=$l0JA0$N$9$Y$F$N(B FreeBSD $B%j%j!<%9(B
                $B=$@5F|$h$jA0$N(B 4.6-STABLE
$B=$@5F|(B:         2002-06-23 22:34:52 UTC (RELENG_4)
                2002-07-31 17:55:22 UTC (RELENG_4_6)
                2002-07-31 17:55:11 UTC (RELENG_4_5)
                2002-07-31 17:54:57 UTC (RELENG_4_4)
FreeBSD $B$K8GM-$+(B:       YES


I.   $BGX7J(B - Background

Berkeley Fast File System (FFS) $B$O!"(BFreeBSD $B$,%G%U%)%k%H$G;HMQ$7$F$$$k(B
$B%U%!%$%k%7%9%F%`$G$9!#(B


II.  $BLdBj$N>\:Y(B - Problem Description

FFS $B$K$*$1$k:GBg5vMF%U%!%$%k%5%$%:$N7W;;$K%P%0$,$"$j!"%f!<%6$O(B
FreeBSD $B$N2>A[%a%b%j%7%9%F%`$N=hM}8B3&$rD6$($kBg$-$5$N%U%!%$%k$r(B
$B:n@.$9$k$3$H$,2DG=$G$9!#$=$N$h$&$J%U%!%$%k$X%"%/%;%9$7$?>l9g!"(B
$B@0?t%G!<%?$N1i;;$G%*!<%P%U%m!<$,H/@8$7!"%U%!%$%k%7%9%F%`$N%a%?%G!<%?$,(B
$B%f!<%6%U%!%$%kCf$K%^%C%W$5$l$F$7$^$$$^$9!#$3$l$rMxMQ$9$k$H!"(B
$B%U%!%$%k%7%9%F%`$NG$0U$N%V%m%C%/$K%"%/%;%9$9$k$3$H$,2DG=$K$J$j$^$9!#(B

$B$3$N%P%0$O!"(Bi386 $B%"!<%-%F%/%A%c>e$G$O%V%m%C%/%5%$%:$,(B 16k $B%P%$%H0J>e!"(B
alpha $B%"!<%-%F%/%A%c>e$G$O%V%m%C%/%5%$%:$,(B 32k $B%P%$%H0J>e$N(B FFS
$B%U%!%$%k%7%9%F%`$G$N$_!"LdBj$H$J$j$^$9!#$^$?!"%U%!%$%k%7%9%F%`>e$K(B
6 $B%V%m%C%/0J>e$NL$;HMQ6u4V$,$"$j!"0l$D$N%U%!%$%k$K=q$-9~$_%"%/%;%9$,(B
$B2DG=$G$"$k$H$$$&>r7o$,>/$J$/$H$bI,MW$K$J$j$^$9!#(B

FreeBSD FFS $B%U%!%$%k%7%9%F%`$N%G%U%)%k%H%V%m%C%/%5%$%:$O!"$9$Y$F$N(B
$B%"!<%-%F%/%A%c$K$*$$$F(B 4.5-RELEASE $B$N8x3+D>A0$K(B 8k $B$+$i(B 16k $B$K(B
$BJQ99$5$l$^$7$?!#(B


III. $B1F6AHO0O(B - Impact

$B%m!<%+%k$N967b<T$O!"C1=c$K%U%!%$%k%7%9%F%`$rGK2u$7$F%5!<%S%9K832$r(B
$B9T$J$&$3$H$,$G$-$k2DG=@-$,$"$j$^$9!#$^$?!"%m!<%+%k%U%!%$%k%7%9%F%`$N(B
$BG$0U$N%U%!%$%k$KFI$_=q$-%"%/%;%9$7!"(B
$B%9!<%Q%f!<%68"8B$rIT@5$KF~<j$G$-$k2DG=@-$,$"$j$^$9!#(B

4.5-RELEASE $B$h$jA0$K;H$o$l$F$$$?(B FFS $B%U%!%$%k%7%9%F%`$N(B
$B%G%U%)%k%H%V%m%C%/%5%$%:$r;H$C$F:n@.$5$l$?(B FFS $B%U%!%$%k%7%9%F%`$N$h$&$K!"(B
$B%V%m%C%/%5%$%:$,(B 16k $B%P%$%HL$K~(B (i386 $B%"!<%-%F%/%A%c$N>l9g(B)$B!"(B
$B$"$k$$$O(B 32k $B%P%$%HL$K~(B (alpha $B%"!<%-%F%/%A%c$N>l9g(B) $B$N(B
FFS $B%U%!%$%k%7%9%F%`$K$O!"$3$NLdBj$N1F6A$O$"$j$^$;$s!#(B

$B%U%!%$%k%7%9%F%`$N%V%m%C%/%5%$%:$rD4$Y$k$K$O!"<!$N%3%^%s%I$r;H$$$^$9!#(B

  # dumpfs /some/filesystem | grep '^bsize'


IV.  $B2sHrJ}K!(B - Workaround

16k $B%P%$%H$N%V%m%C%/%5%$%:$r;}$D%U%!%$%k%7%9%F%`>e$G$"$C$F$b!"%W%m%;%9$K(B
$B@_Dj$5$l$F$$$k%U%!%$%k%5%$%:$N%j%=!<%9@)8B(B (RLIMIT_FSIZE) $B$,(B 63MB $B0J2<$K(B
$B$J$C$F$$$l$P!"$3$N%P%0$r0-MQ$9$k$3$H$O$G$-$^$;$s!#$3$N@)8B$r9T$J$&(B
$B4JC1$JJ}K!$O!"(B/etc/login.conf $B$NE,@Z$J%m%0%$%s%/%i%9(B ($BBgDq$N>l9g$O(B
`default') $B$K!"<!$N$h$&$J%U%#!<%k%I$rDI2C$9$k$3$H$G$9!#(B

        :filesize=63m:\

/etc/login.conf $B$rJT=8$7$?8e$O!"<!$N%3%^%s%I$r<B9T$7$F!"BP1~$9$k(B
$B%1!<%Q%S%j%F%#%G!<%?%Y!<%9$b99?7$9$kI,MW$,$"$j$^$9!#(B

   # cap_mkdb /etc/login.conf

$B>\:Y$O(B login.conf(5) $B$r$4Mw$/$@$5$$!#$?$@$7!"$3$NA`:n$O<B9TCf$N(B
$B%W%m%;%9$d!"A`:nA0$K4{$K%m%0%$%s$7$F$$$k%f!<%6$,<B9T$9$k(B
$B?7$7$$%W%m%;%9$K$O8z2L$,$"$j$^$;$s$N$G$4Cm0U$/$@$5$$!#(B

$B%V%m%C%/%5%$%:$,(B 32k $B%P%$%H$rD6$($k%U%!%$%k%7%9%F%`$N>l9g$KE,@Z$J(B
$B%j%=!<%9@)8BCM$,$$$/$D$G$"$k$+$O8=;~E@$GH=L@$7$F$$$^$;$s!#(B63M $B%P%$%H$h$j(B
$B>.$5$$$+$bCN$l$^$;$s$7!"5U$KBg$-$$$+$bCN$l$^$;$s!#(B

login.conf $B$rFI$_9~$_!"@_Dj$rH?1G$5$;$k$N$O!"(B`login' $B$d(B `sshd' $B$J$I$N(B
$B%"%W%j%1!<%7%g%s$N;}$C$F$$$k5!G=$G$9!#%m%0%$%s5!G=$rDs6!$9$k(B
$B%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$r;H$C$F$$$k>l9g$O!"(Blogin.conf $B$r(B
$BFI$_9~$`$N$+$I$&$+$r3NG'$9$kI,MW$,$"$k$G$7$g$&!#(B


V.   $B2r7h:v(B - Solution

1) $B<eE@$r;}$C$?(B FreeBSD $B%7%9%F%`$r:G?7$N(B 4.6-STABLE $B$K(B
   $B%"%C%W%0%l!<%I$9$k$+!"$b$7$/$O=$@5F|0J9_$N(B RELENG_4_6
   (4.6.1-RELEASE-p5)$B!"(BRELENG_4_5 (4.5-RELEASE-p14)$B!"(B
   RELENG_4_4 (4.4-RELEASE-p21) $B%;%-%e%j%F%#%V%i%s%A$N$$$:$l$+$K(B
   $B%"%C%W%0%l!<%I$9$k!#(B

2) $B8=:_$N%7%9%F%`$K=$@5%Q%C%A$rE,MQ$9$k!#(B

a) $B0J2<$N>l=j$+$i=$@5%Q%C%A$r%@%&%s%m!<%I$7!"(BPGP $B%f!<%F%#%j%F%#$r;H$C$F(B
   PGP $B=pL>$r3NG'$7$^$9!#$3$N=$@5%Q%C%A$O!"(BFreeBSD 4.x $B%j%j!<%9$9$Y$F$K(B
   $BE,MQ$G$-$k$3$H$,3NG'$5$l$F$$$k$b$N$G$9!#(B

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:35/ffs.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:35/ffs.patch.asc

b) http://www.freebsd.org/handbook/kernelconfig.html $B$K=q$+$l$F$$$k(B
   $B<j=g$K$7$?$,$C$F%+!<%M%k$r:F9=C[$7!"%7%9%F%`$r:F5/F0$7$^$9!#(B


VI.  $B=$@5$N>\:Y(B - Correction details

FreeBSD $B$K$*$$$F:#2s=$@5$5$l$?3F%U%!%$%k$N%j%S%8%g%sHV9f$O!"0J2<$N$H$*$j$G$9!#(B


$B%Q%9L>(B                                                          $B%j%S%8%g%s(B
  $B%V%i%s%A(B
- -------------------------------------------------------------------------
sys/ufs/ffs/ffs_vfsops.c
  RELENG_4                                                     1.117.2.10
  RELENG_4_6                                                1.117.2.9.2.1
  RELENG_4_5                                                1.117.2.7.2.1
  RELENG_4_4                                                1.117.2.3.2.1
sys/conf/newvers.sh
  RELENG_4_6                                               1.44.2.23.2.10
  RELENG_4_5                                               1.44.2.20.2.15
  RELENG_4_4                                               1.44.2.17.2.20
- -------------------------------------------------------------------------


A.   FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F(B

$BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,(B
$B;29M$N$?$a$KDs6!$9$k$b$N$G$9!#2a5n$NF|K\8lHG%;%-%e%j%F%#4+9p$O(B

 http://www.FreeBSD.org/ja/security/

$B$K$^$H$a$i$l$F$$$^$9!#(B

$B$?$@$7K]Lu<T$*$h$S(B doc-jp $B$O!"$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b(B
$B$$$?$7$^$;$s$N$G$4Cm0U$/$@$5$$!#F|K\8lLu$K$D$$$F$N$40U8+!"$4MWK>!"(B
$B$*Ld$$9g$o$;Ey$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9!#(B

$B$3$N4+9p$NCf$G>R2p$5$l$F$$$k(B WWW $B%5%$%H(B http://www.FreeBSD.org/ $B$*$h$S(B
FTP $B%5%$%H(B ftp://ftp.FreeBSD.org/ $B$K$O(B, $BF|K\$N%_%i!<%5%$%H$,B8:_$7$^$9!#(B
$B%M%C%H%o!<%/$N:.;($r4KOB$9$k$?$a!"$^$:$O%_%i!<%5%$%H$NMxMQ$r(B
$B9MN8$9$k$h$&$*4j$$$7$^$9!#(B

$BF|K\$N%_%i!<%5%$%H$rMxMQ$9$k$K$O!"(B
http://www.FreeBSD.org/ $B$r(B http://www.jp.FreeBSD.org/www.freebsd.org/ $B$K!"(B
ftp://ftp.FreeBSD.org/ $B$r(B ftp://ftp.jp.FreeBSD.org/ $B$K!"(B
$B$=$l$>$lCV$-49$($F$/$@$5$$!#(B

$BB>$NCO0h$r4^$`%_%i!<%5%$%H$K4X$9$k>\:Y$O(B

 http://www.FreeBSD.org/handbook/mirror.html ($B1QJ8(B)
 http://www.FreeBSD.org/ja/handbook/mirror.html ($BF|K\8lLu(B)

$B$K$^$H$a$i$l$F$$$^$9!#(B
