From: Noah Meyerhans Date: Tue, 8 Jan 2008 03:07:05 +0000 (+0000) Subject: Long overdue import of 1.3.81-3sarge2, released via stable-security in X-Git-Tag: debian/1.3.81-3sarge2 X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=a75d508cef65be202cff5d69cf0921cd14b5e257;p=packages%2Fo%2Fopenafs.git Long overdue import of 1.3.81-3sarge2, released via stable-security in March 2007. --- diff --git a/debian/changelog b/debian/changelog index 402df6581..6842216f9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,17 @@ -openafs (1.3.81-3sarge1) testing-proposed-updates; urgency=medium +openafs (1.3.81-3sarge2) stable-security; urgency=high + * Non-maintainer upload by the Security Team. + * Apply upstream patch to disable setuid status on all cells by default. + Prior versions of AFS defaulted to honoring setuid bits in the local + cell, but since unauthenticated file access in AFS is unencrypted, an + attacker could forge packets from an AFS file server to synthesize a + setuid binary in AFS. (CVE-2007-1507, OPENAFS-SA-2007-001) + + -- Noah Meyerhans Mon, 19 Mar 2007 15:56:43 -0400 + +openafs (1.3.81-3sarge1) unstable; urgency=high + + [ Russ Allbery ] * libpam-openafs-kaserver: Fix compilation so that the PAM module isn't missing symbols and therefore unusable. (Closes: #308844) * In the init script, handle modules named either with or without the diff --git a/debian/openafs-client.NEWS b/debian/openafs-client.NEWS new file mode 100644 index 000000000..9fd7ea9a1 --- /dev/null +++ b/debian/openafs-client.NEWS 
@@ -0,0 +1,24 @@ +openafs (1.3.81-3sarge2) stable-security; urgency=high + + As of this release of the OpenAFS kernel module, all cells, including + the local cell, have setuid support turned off by default due to the + possibility of an attacker forging AFS fileserver responses to create a + fake setuid binary. Prior releases enabled setuid support for the local + cell. Those binaries will now run with normal permissions by default. + + This security fix will only take effect once you've installed a kernel + module from openafs-modules-source 1.4.2-6 or later. Doing so is highly + recommended. In the meantime, you can disable setuid support by + running: + + fs setcell -cell -nosuid + + as root (where is your local cell, the one listed in + /etc/openafs/ThisCell). + + If you are certain there is no security risk of an attacker forging AFS + fileserver responses, you can enable setuid status selectively using the + fs setcell command. + + -- Russ Allbery Sun, 11 Mar 2007 22:28:07 -0700 + diff --git a/debian/rules b/debian/rules index 6a82ff305..e5c81f329 100755 --- a/debian/rules +++ b/debian/rules @@ -122,6 +122,8 @@ binary-indep: build install binary-source # dh_installmanpages dh_installinfo dh_installchangelogs + install -m 644 debian/openafs-client.NEWS \ + debian/$(srcpkg)/usr/share/doc/$(srcpkg)/NEWS.Debian dh_link dh_compress dh_fixperms diff --git a/src/afs/afs_cell.c b/src/afs/afs_cell.c index 3a783bfeb..0955e2f89 100644 --- a/src/afs/afs_cell.c +++ b/src/afs/afs_cell.c @@ -708,8 +708,7 @@ afs_NewCell(char *acellName, afs_int32 * acellHosts, int aflags, tc->vlport = AFS_VLPORT; RWLOCK_INIT(&tc->lock, "cell lock"); newc = 1; - if (afs_thiscell && !strcmp(acellName, afs_thiscell)) - aflags &= ~CNoSUID; + aflags |= CNoSUID; } ObtainWriteLock(&tc->lock, 688);
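Review bot: The changelog hunk rewrites the already-released 1.3.81-3sarge1 entry, changing its distribution from `testing-proposed-updates` to `unstable` and its urgency from `medium` to `high` in the `-openafs (1.3.81-3sarge1) testing-proposed-updates; urgency=medium` / `+openafs (1.3.81-3sarge1) unstable; urgency=high` pair; the changelog is the record of what was uploaded where, so either restore the original header for that entry or state in the commit message why it is being corrected. The new sarge2 entry itself reads well and carries the CVE-2007-1507 / OPENAFS-SA-2007-001 references, which is what the security team will look for.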
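Review bot: In the openafs-client.NEWS hunk the version the user is told to wait for, "a kernel module from openafs-modules-source 1.4.2-6 or later", does not match this upload: the package is 1.3.81-3sarge2 and the afs_cell.c fix ships in this same commit, so the sentence should name 1.3.81-3sarge2 (or whatever sarge version carries the module change), otherwise sarge users will conclude the fix is not available to them. Two lines later the example command `fs setcell -cell -nosuid` and the parenthetical "(where is your local cell, the one listed in /etc/openafs/ThisCell)" are both missing the cell-name argument; the command takes the name between `-cell` and `-nosuid`, so the text should read something like `fs setcell -cell <cell> -nosuid` / "(where <cell> is your local cell ...)", and if the placeholder was written with angle brackets, confirm it survives in the shipped file and in the rendered commit.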
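Review bot: The debian/rules hunk installs the file into `debian/$(srcpkg)/usr/share/doc/$(srcpkg)/NEWS.Debian`, but the file is named `openafs-client.NEWS` and the text is addressed to client users, while the hunk sits in the `binary-indep` target; openafs-client is an architecture-dependent package, so either `$(srcpkg)` happens to resolve to the right package directory here or the NEWS file will land in the wrong package's doc directory. Confirm what `$(srcpkg)` expands to at this point, and if it is not openafs-client, move the `install -m 644` line to the target that builds that package (or let `dh_installchangelogs` pick up `debian/openafs-client.NEWS` as NEWS.Debian, if the debhelper version used for sarge does so).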
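Review bot: The afs_cell.c hunk replaces the local-cell exception with an unconditional `aflags |= CNoSUID;` inside the new-cell branch of `afs_NewCell`, but leaves no comment explaining why; the deleted `afs_thiscell` comparison was the only hint that the local cell used to be special, so add a one- or two-line comment stating that setuid is now forced off for every newly created cell, including the local one, because unauthenticated fileserver traffic can be forged (CVE-2007-1507), and that `fs setcell` remains the way to re-enable it per cell. Also check whether `afs_thiscell` is still referenced elsewhere in this function after the removal, so the build does not pick up an unused-variable warning.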