Synopsis: Security hole in umapfs
NetBSD versions: NetBSD 1.3.3 and prior; NetBSD-current until 19990312
Thanks to: Manuel Bouyer
Reported in NetBSD Security Advisory: SA1999-006


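This patch fixes the umapfs problem described in the NetBSD-SA1999-006
security advisory. To apply it, make sure you have the NetBSD 1.3.3 kernel
sources unpacked in /usr/src. The commands below patch the source, rebuild
the GENERIC kernel, keep the previous kernel as /netbsd.old and reboot into
the new one. (In a standard source tree the configuration directory is
/usr/src/sys/arch/`uname -m`/conf; adjust the relative `cd` if it does not
resolve from /usr/src/sys.) Run: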
   % cd /usr/src/sys
   % patch <19990311-umapfs
   % cd ../../arch/`uname -m`/conf
   % config GENERIC
   % cd ../compile/GENERIC
   % make depend && make
   % su root
   # mv /netbsd /netbsd.old
   # cp netbsd /
   # chmod 444 /netbsd
   # sync; reboot


Index: miscfs/umapfs/umap_vfsops.c
===================================================================
RCS file: /archive/cvs/cvsroot/NetBSD/src/sys/miscfs/umapfs/umap_vfsops.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 umap_vfsops.c
--- umap_vfsops.c       1997/12/15 16:50:05     1.1.1.1
+++ umap_vfsops.c       1999/03/11 20:41:33
@@ -50,6 +50,7 @@
#include <sys/types.h>
#include <sys/vnode.h>
#include <sys/mount.h>
+#include <sys/proc.h>
#include <sys/namei.h>
#include <sys/malloc.h>
#include <miscfs/umapfs/umap.h>
@@ -85,6 +86,10 @@
       struct umap_mount *amp;
       size_t size;
       int error;
+
+       /* only for root */
+       if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)
+               return error;

#ifdef UMAPFS_DIAGNOSTIC
       printf("umapfs_mount(mp = %p)\n", mp);
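Review bot: The added comment `/* only for root */` records the rule but not the reason for it, so a later maintainer could relax the check without realising it is the fix for NetBSD-SA1999-006. Since umapfs is a credential-mapping layer, I would spell that out, e.g. `/* umapfs remaps credentials; mounting must stay superuser-only (NetBSD-SA1999-006) */`. In the visible lines the check sits ahead of the diagnostic printf and before any mount argument is used, which is the right place, but the function body starts and ends outside this hunk, so I cannot confirm that nothing earlier acts on caller-supplied data. As a minor style point, `error = suser(p->p_ucred, &p->p_acflag);` followed by `if (error != 0) return error;` avoids the assignment inside the condition.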