1625648 – CVE-2018-10923 glusterfs: I/O to arbitrary devices on storage server

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1625648 - CVE-2018-10923 glusterfs: I/O to arbitrary devices on storage server

Summary: CVE-2018-10923 glusterfs: I/O to arbitrary devices on storage server

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	GlusterFS
Classification:	Community
Component:	core
Sub Component:
Version:	3.12
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	bugs@gluster.org
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1625091 1625096
Blocks:
TreeView+	depends on / blocked

Reported:	2018-09-05 12:47 UTC by Amar Tumballi
Modified:	2018-09-14 08:30 UTC (History)
CC List:	11 users (show)
Fixed In Version:	glusterfs-3.12.14
Doc Type:	Release Note
Doc Text:
Clone Of:	1625096
Environment:
Last Closed:	2018-09-14 08:30:35 UTC
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Comment 1 Worker Ant 2018-09-05 12:58:14 UTC

REVIEW: https://review.gluster.org/21095 (posix: disable block and character files) posted (#1) for review on release-3.12 by Amar Tumballi

Comment 2 Worker Ant 2018-09-06 15:55:41 UTC

COMMIT: https://review.gluster.org/21095 committed in release-3.12 by "jiffin tony Thottan" <jthottan> with a commit message- posix: disable open/read/write on special files

In the file system, the responsibility w.r.to the block and char device
files is related to only support for 'creating' them (using mknod(2)).

Once the device files are created, the read/write syscalls for the specific
devices are handled by the device driver registered for the specific major
number, and depending on the minor number, it knows where to read from.
Hence, we are at risk of reading contents from devices which are handled
by the host kernel on server nodes.

By disabling open/read/write on the device file, we would be safe with
the bypass one can achieve from client side (using gfapi)

BUG: 1625648

Change-Id: I48c776b0af1cbd2a5240862826d3d8918601e47f
Signed-off-by: Amar Tumballi <amarts>

Comment 3 Jiffin 2018-09-14 08:30:35 UTC

This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.12.14, please open a new bug report.

glusterfs-3.12.14 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] https://lists.gluster.org/pipermail/announce/2018-September/000112.html
[2] https://www.gluster.org/pipermail/gluster-users/

Note You need to log in before you can comment on or make changes to this bug.