<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">Given that illumos-gate is rebuilt every night, this change will land in Hipster by tomorrow; it was merged into illumos-gate 3 hours ago.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">Nonetheless I am forwarding the information in case it affects anyone subscribed to these mailing lists.</div><div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">---------- Forwarded message ---------<br>From: <strong class="gmail_sendername" dir="auto">Dan McDonald</strong> <span dir="auto"><<a href="mailto:danmcd@joyent.com">danmcd@joyent.com</a>></span><br>Date: Tue, Jan 18, 2022 at 7:55 PM<br>Subject: [developer] SECURITY HEADS UP - illumos#14424<br>To: illumos-developer <<a href="mailto:developer@lists.illumos.org">developer@lists.illumos.org</a>>, illumos-discuss <<a href="mailto:discuss@lists.illumos.org">discuss@lists.illumos.org</a>><br>Cc: Dan McDonald <<a href="mailto:danmcd@joyent.com">danmcd@joyent.com</a>><br></div><br><br>Hello folks!<br>
<br>
Quick breakdown:<br>
<br>
IMPACT: This bug allows an unprivileged user with access to a tmpfs to induce a denial of service to the system. This is more serious if untrusted users have access to the system (e.g. a shared environment).<br>
<br>
ACTION: Please be on the look out for patches from the various distributions and be ready to install them.<br>
<br>
MITIGATIONS: At this time, there are no known easy mitigations that one can apply short of disabling access to untrusted users and/or removing the ability to use tmpfs from their zones.<br>
<br>
NEXT STEPS: As we follow up on this, we'll be doing some additional auditing and looking to more generally strengthen our regression test suites to be able to catch issues like this in advance and ensure that that they are not reintroduced.<br>
<br>
. . .<br>
<br>
These details are also in <a href="https://www.illumos.org/issues/14424" rel="noreferrer" target="_blank">https://www.illumos.org/issues/14424</a><br>
<br>
Security researcher Hans Christian Woithe reported CVE-2021-43395 to<br>
both us and Oracle. He discovered conditions where any arbitrary user<br>
could induce tmpfs to panic with deadlock-detection. This bug tracks<br>
our fix for this problem.<br>
<br>
Tested using Hans's PoC, which now does not induce a panic. Tested on<br>
OmniOS both bare-metal (by Andy Fiddaman) and VM (by Dan<br>
McD.). Tested on SmartOS bare-metal (by Dan McD.).<br>
<br>
We will introduce more analysis into the bug report as this fix gets propagated.<br>
<br>
If you run a distro PLEASE PUT THIS FIX IN ANY SUPPORTED RELEASE YOU HAVE.<br>
It's easily backportable/cherry-pickable; I know OmniOS has it in their<br>
old-LTS r151030, for example.<br>
<br>
Thanks to Robert Mustacchi and Andy Fiddaman for feedback of earlier<br>
revisions of this fix.<br>
<br>
Thanks especially to security researcher Hans Christian Woithe, who informed<br>
us and Oracle of this very old bug. I appreciate he took the advice here:<br>
<br>
<a href="https://kebe.com/blog/?p=505" rel="noreferrer" target="_blank">https://kebe.com/blog/?p=505</a><br>
<br>
and I hope we reacted accordingly and politely (given we coordinated<br>
releasing this fix with Oracle).<br>
<br>
Please update your distros ASAP. And after some time, we'll update 14424<br>
with details on how we arrived at the illumos fix.<br>
<br>
Thank you,<br>
Dan McDonald & Robert Mustacchi - on behalf of <a href="mailto:security@illumos.org" target="_blank">security@illumos.org</a><br>
<br>
<br>
------------------------------------------<br>
illumos: illumos-developer<br>
Permalink: <a href="https://illumos.topicbox.com/groups/developer/T1c9e4f27f8c2f959-M152e45495ece9b9555b52167" rel="noreferrer" target="_blank">https://illumos.topicbox.com/groups/developer/T1c9e4f27f8c2f959-M152e45495ece9b9555b52167</a><br>
Delivery options: <a href="https://illumos.topicbox.com/groups/developer/subscription" rel="noreferrer" target="_blank">https://illumos.topicbox.com/groups/developer/subscription</a><br>
</div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><font style="font-family:courier new,monospace" size="1">---<br>Praise the Caffeine embeddings<br></font></div></div></div></div></div>