[Bugs] [Bug 1625096] CVE-2018-10923 glusterfs: I/O to arbitrary devices on storage server
bugzilla at redhat.com
Thu Sep 6 05:41:46 UTC 2018
https://bugzilla.redhat.com/show_bug.cgi?id=1625096
Worker Ant <bugzilla-bot at gluster.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|POST |MODIFIED
--- Comment #4 from Worker Ant <bugzilla-bot at gluster.org> ---
COMMIT: https://review.gluster.org/21069 committed in master by "Amar Tumballi" <amarts at redhat.com> with a commit message-

posix: disable open/read/write on special files

In the file system, the responsibility w.r.to the block and char device
files is related to only support for 'creating' them (using mknod(2)).
Once the device files are created, the read/write syscalls for the specific
devices are handled by the device driver registered for the specific major
number, and depending on the minor number, it knows where to read from.

Hence, we are at risk of reading contents from devices which are handled
by the host kernel on server nodes.

By disabling open/read/write on the device file, we would be safe with
the bypass one can achieve from client side (using gfapi)

Fixes: bz#1625096
Change-Id: I48c776b0af1cbd2a5240862826d3d8918601e47f
Signed-off-by: Amar Tumballi <amarts at redhat.com>
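
The check the commit message describes, refusing data I/O on block and character device nodes, sketched as an added example; it is not the glusterfs patch and not code from the original message. The names `open_non_device` and `try_regular_file`, the `/tmp` path and the `-EINVAL` return value are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not a glusterfs function: open `path` for data I/O
 * unless it is a block or character device node. Returns an fd or a negative
 * errno; returning -EINVAL for device nodes is this example's choice. */
int open_non_device(const char *path, int flags)
{
    struct stat st;

    /* lstat() inspects the node itself, so a device file is normally refused
     * before any driver open() handler runs. */
    if (lstat(path, &st) != 0)
        return -errno;
    if (S_ISBLK(st.st_mode) || S_ISCHR(st.st_mode))
        return -EINVAL;

    /* O_NOFOLLOW: a symlink to a device fails with ELOOP instead of opening it. */
    int fd = open(path, flags | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -errno;

    /* Re-check the opened object in case the path was swapped after lstat();
     * no read or write has been issued on fd at this point. */
    if (fstat(fd, &st) != 0 || S_ISBLK(st.st_mode) || S_ISCHR(st.st_mode)) {
        close(fd);
        return -EINVAL;
    }
    return fd;
}

/* Opens a constructed regular temp file through the helper; 0 on success. */
int try_regular_file(void)
{
    char tmpl[] = "/tmp/nodev-XXXXXX";
    int tmp = mkstemp(tmpl);
    if (tmp < 0)
        return -errno;
    close(tmp);
    int fd = open_non_device(tmpl, O_RDWR);
    unlink(tmpl);
    if (fd >= 0)
        close(fd);
    return fd < 0 ? fd : 0;
}
```

On a Linux host, `open_non_device("/dev/null", O_RDONLY)` returns `-EINVAL` while a regular file opens normally, so mknod(2)-created nodes can still exist on the brick without their contents being reachable through the file-serving path.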