[OpenIndiana-discuss] Fwd: [developer] SECURITY HEADS UP - illumos#14424

Aurélien Larcher aurelien.larcher at gmail.com
Tue Jan 18 20:14:24 UTC 2022


Given that illumos-gate is rebuilt every night, this change will land in
Hipster by tomorrow; it was merged into illumos-gate 3 hours ago.

Nonetheless I am forwarding the information in case it affects anyone
subscribed to these mailing lists.


---------- Forwarded message ---------
From: Dan McDonald <danmcd at joyent.com>
Date: Tue, Jan 18, 2022 at 7:55 PM
Subject: [developer] SECURITY HEADS UP - illumos#14424
To: illumos-developer <developer at lists.illumos.org>, illumos-discuss <discuss at lists.illumos.org>
Cc: Dan McDonald <danmcd at joyent.com>


Hello folks!

Quick breakdown:

IMPACT: This bug allows an unprivileged user with access to a tmpfs to
induce a denial of service to the system. This is more serious if untrusted
users have access to the system (e.g. a shared environment).

ACTION: Please be on the lookout for patches from the various
distributions and be ready to install them.

MITIGATIONS: At this time, there are no known easy mitigations that one can
apply short of disabling access to untrusted users and/or removing the
ability to use tmpfs from their zones.

NEXT STEPS: As we follow up on this, we'll be doing some additional
auditing and looking to more generally strengthen our regression test
suites to be able to catch issues like this in advance and ensure that
they are not reintroduced.

.  .  .

These details are also in https://www.illumos.org/issues/14424

        Security researcher Hans Christian Woithe reported CVE-2021-43395 to
        both us and Oracle. He discovered conditions where any arbitrary user
        could induce tmpfs to panic with deadlock-detection. This bug tracks
        our fix for this problem.

        Tested using Hans's PoC, which now does not induce a panic. Tested on
        OmniOS both bare-metal (by Andy Fiddaman) and VM (by Dan
        McD.). Tested on SmartOS bare-metal (by Dan McD.).

We will introduce more analysis into the bug report as this fix gets
propagated.

If you run a distro PLEASE PUT THIS FIX IN ANY SUPPORTED RELEASE YOU HAVE.
It's easily backportable/cherry-pickable; I know OmniOS has it in their
old-LTS r151030, for example.

Thanks to Robert Mustacchi and Andy Fiddaman for feedback on earlier
revisions of this fix.

Thanks especially to security researcher Hans Christian Woithe, who informed
us and Oracle of this very old bug.  I appreciate he took the advice here:

        https://kebe.com/blog/?p=505

and I hope we reacted accordingly and politely (given we coordinated
releasing this fix with Oracle).

Please update your distros ASAP.  And after some time, we'll update 14424
with details on how we arrived at the illumos fix.

Thank you,
Dan McDonald & Robert Mustacchi - on behalf of security at illumos.org


------------------------------------------
illumos: illumos-developer
Permalink:
https://illumos.topicbox.com/groups/developer/T1c9e4f27f8c2f959-M152e45495ece9b9555b52167


-- 
---
Praise the Caffeine embeddings

