Tuesday, January 26, 2010

ZFS on FreeBSD (revised)

Installing ZFS on FreeBSD

ZFS quick start guide

Installing FreeBSD on ZFS only

Installing on ZFS only, but using gpart and GPT

installation on Apple hardware (but it should work for the others)

installation, according to wiki.freebsd.org

one more (from the wiki) using GPT and mirroring

security problems:
Attention ZFS users...


---------- Forwarded message ----------
From: Pawel Jakub Dawidek
Date: Tue, Nov 10, 2009 at 8:45 PM
Subject: HEADS UP: Important bug fix in ZFS replay code!
To: freebsd-current@freebsd.org
Cc: freebsd-fs@freebsd.org


Hi.

There was an important bug in ZFS replay code. If there were setattr logs
(not related to permission change) in ZIL during unclean shutdown, one
can end up with files that have mode set to 07777.

This is very dangerous, especially if you have untrusted local users, as
this will set the setuid bit on such files. Note that FreeBSD will remove
setuid bits when someone tries to modify the file, but it is still
dangerous.


You can locate such files with the following command:

# find / -perm -7777 -print0 | xargs -0 ls -ld

You can locate and fix such files with the following command:

# find / -perm -7777 -print0 | xargs -0 chmod a-s,o-w,-t
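
An audit-then-fix wrapper around the two commands in the forwarded message, added here as an example (it is not part of the original post or of the forwarded message). The function names and the constructed sample tree are assumptions; it uses find's -exec ... {} + instead of xargs so that nothing is run when there are no matches, and -xdev so the scan stays on the file system being checked.

```sh
#!/bin/sh
# Added example: audit a tree for the 07777 signature, then clear the bits.
# Usage as a script: sh audit.sh DIR [fix]

# list_07777 DIR: "ls -ld" line for every entry with all of 07777 set.
list_07777() {
    # -xdev: do not cross into other mounted file systems.
    # -exec ... {} +: batches arguments and runs nothing on zero matches.
    find "$1" -xdev -perm -7777 -exec ls -ld {} +
}

# count_07777 DIR: number of matching entries (safe for odd file names).
count_07777() {
    find "$1" -xdev -perm -7777 -exec echo x \; | wc -l | tr -d ' '
}

# fix_07777 DIR: apply the chmod from the message, then verify.
# Returns non-zero if any entry still matches afterwards.
fix_07777() {
    find "$1" -xdev -perm -7777 -exec chmod a-s,o-w,-t {} +
    [ "$(count_07777 "$1")" -eq 0 ]
}

# make_sample: constructed sample tree with one affected file and one
# normal file; prints the directory name.
make_sample() {
    d=$(mktemp -d) && : > "$d/affected" && : > "$d/normal" &&
    chmod 7777 "$d/affected" && chmod 644 "$d/normal" && echo "$d"
}

# Only act when a directory is given on the command line.
if [ "$#" -ge 1 ]; then
    echo "entries with mode 07777 under $1: $(count_07777 "$1")"
    list_07777 "$1"
    if [ "${2:-}" = "fix" ]; then
        fix_07777 "$1" && echo "all matching entries fixed"
    fi
fi
```

Run it without "fix" first and review the listing, since the chmod also changes entries that were set to 07777 on purpose.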
