Note: This is an archival copy of Security Sun Alert 200310 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000235.1.
Article ID : 1000235.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2005-10-03
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in Solaris UFS When Logging is Enabled

Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 8 Operating System

Bug Id
4936030

Date of Resolved Release
22-SEP-2005

Impact

A local unprivileged user with "write" access to a Unix File System (UFS) on which UFS logging is enabled (see also ufs(7fs)) may have the ability to cause a "soft hang" of the Solaris operating system, resulting in a Denial-of-Service (DoS) condition.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 8 without patch 116950-05
  • Solaris 9 without patch 117427-03

x86 Platform

  • Solaris 8 without patch 116951-05
  • Solaris 9 without patch 117476-01

Notes:

  1. Solaris 10 is not affected by this issue. Solaris 7 will not be evaluated regarding the potential impact of the issue described in this Sun Alert.
  2. This condition can only occur when performing operations on Solaris 8 and 9 file systems on which UFS logging is enabled.

To determine if logging is enabled on a file system(s), the following command can be run (this will return one line per file system that has "logging" in its entry):

    $ mount | grep logging
    / on /dev/dsk/c0t0d0s0
    read/write/setuid/devices/intr/largefiles/logging/xattr/onerror=panic/dev=220000
    8 on Wed Sep 14 18:50:25 2005
    /local on /dev/dsk/c0t0d0s1
    read/write/setuid/devices/intr/largefiles/logging/xattr/onerror=panic/dev=220000
    9 on Wed Sep 14 18:50:41 2005

In the above example, both "/" and "/local" file systems have logging enabled. If the logging option is not present, the system is not vulnerable to this issue.


Symptoms

Should the described issue occur, the first symptom will be that I/O commands operating on the affected file system will hang. This may include commands such as ls(1).

Note: Verification of an occurrence of this issue may also be obtained through examination of a forced crash dump.


Workaround

To work around the described issue (if this issue has not yet occurred), temporarily suspend logging on all (UFS) file systems to which local unpriviledged users have write access until patches can be applied. This can be accomplished by either:

A) Replacing the "logging" entry with the "nologging" keyword to entries in the "/etc/vfstab" file where logging has been enabled and then remounting the file system,

or:

B) by running the following command:

    # mount -o remount,nologging <mount_point>

(the above setting will only persist until the next reboot).

Notes:

  1. Once this issue has been encountered, there is no workaround and only a system reboot will clear this condition. Patches should be applied as soon as allowable in order to avoid this issue.
  2. Disabling logging may have an adverse affect on the write-performance of each affected file system.
  3. Disabling UFS logging removes the file system integrity protection in the event of a system panic or hang and therefore is not recommended unless this issue has been encountered.

Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 8 with patch 116950-05 or later
  • Solaris 9 with patch 117427-03 or later

x86 Platform

  • Solaris 8 with patch 116951-05 or later
  • Solaris 9 with patch 117476-01 or later


References

116950-05
117427-03
116951-05
117476-01




Attachments
This solution has no attachment