openafs/doc/man-pages/pod8/fragments/fileserver-synopsis.pod
Jeffrey Altman 8f1eba056f CVE-2018-7168 RXAFS_StoreACL deprecate 134 introduce 164
There exist in the wild AFS3 clients that improperly construct access
control lists which are then stored to directories via RXAFS_StoreACL
(opcode 134).  These clients add negative access control entries (if any)
to the normal rights list.

As there is no method by which a fileserver can determine that the
ACL is improperly constructed, the only method to defend the storage of
broken ACLs is to identify clients that are known to properly construct
ACLs by introducing a new RXAFS_StoreACL opcode (164).

This change:

 * Renames RXAFS opcode 134 to RXAFS_OldStoreACL

 * Introduces RXAFS opcode 164 as RXAFS_StoreACL

 * Implements SRXAFS_OldStoreACL and SRXAFS_StoreACL in the fileserver
   via a common_StoreACL() function that accepts the executed opcode
   as input.

 * To avoid breaking changes in stable release branches,
   SRXAFS_OldStoreACL will still be allowed by default, with an option
   to cause it to be failed by default with error EPERM/UAEPERM.
   A follow-up commit will cause SRXAFS_OldStoreACL to fail by default
   on the master branch.

 * When opcode 134 is called, a FileLog entry will be generated
   at log level 0 instead of 1 and the entry will contain the string
   "CVE-2018-7168".

 * Modifies the format of the ACL logged to the FileLog and the audit
   stream.  Previously the AFSOpaque format was used directly.  The
   problem with this format is that it uses newlines as the ACE
   separator.  Since the FileLog and file audit log are intended to
   be one line per log entry, the newlines break the file formats.
   This change replaces the newlines with spaces for display purposes
   unless the process is unable to allocate the additional memory.

 * Introduces a new fileserver command line switch -cve-2018-7168-enforce
   which when specified causes SRXAFS_OldStoreACL RPCs to be failed.

[kaduk@mit.edu: switch en/disable-by-default behavior and fix argument parsing]

Change-Id: Ic92ef45314d75fbc2b8ff574223fab2d398a1d60
FIXES: 134485
Reviewed-on: https://gerrit.openafs.org/12942
Reviewed-by: Jeffrey Altman <jaltman@auristor.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
2021-10-08 16:15:55 -04:00
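
The log-format change described in the commit message (newlines in the ACL replaced with spaces so each entry stays on one line, with a fallback when memory cannot be allocated) can be sketched as follows. This is an added example, not OpenAFS code: `struct opaque_acl`, `acl_for_log()`, `format_store_acl_record()`, the record wording and the sample ACL are all hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an opaque ACL: a length plus bytes, no NUL. */
struct opaque_acl { size_t len; const char *data; };

/* Return a NUL-terminated copy with every newline replaced by a space,
 * or NULL if the copy cannot be allocated (the caller then falls back). */
char *acl_for_log(const struct opaque_acl *acl)
{
    char *out; size_t i;
    /* len + 1 would wrap to 0 for SIZE_MAX, so treat that as a failure */
    out = (acl->len == SIZE_MAX) ? NULL : malloc(acl->len + 1);
    if (out == NULL)
        return NULL;
    for (i = 0; i < acl->len; i++)
        out[i] = (acl->data[i] == '\n') ? ' ' : acl->data[i];
    out[acl->len] = '\0';
    return out;
}

/* Build one log record (constructed wording) in buf and return how many
 * newlines it holds; 1 means the record is still a single line. */
int format_store_acl_record(char *buf, size_t buflen, int opcode,
                            const struct opaque_acl *acl)
{
    const char *tag = (opcode == 134) ? " CVE-2018-7168" : "";
    char *p, *flat = acl_for_log(acl);
    int newlines = 0;
    if (flat != NULL)
        snprintf(buf, buflen, "StoreACL opcode %d%s ACL %s\n", opcode, tag, flat);
    else    /* allocation failed: log the raw bytes rather than nothing */
        snprintf(buf, buflen, "StoreACL opcode %d%s ACL %.*s\n", opcode, tag,
                 (int)acl->len, acl->data);
    free(flat);
    for (p = buf; *p != '\0'; p++)
        newlines += (*p == '\n');
    return newlines;
}

int main(void)
{
    const char *raw = "1\n1\nalice 7\nbob 1\n";  /* constructed sample ACL */
    struct opaque_acl acl = { strlen(raw), raw };
    char buf[256];
    format_store_acl_record(buf, sizeof(buf), 134, &acl);
    return fputs(buf, stdout) == EOF;
}
```

A return value greater than 1 from `format_store_acl_record()` marks a record that was written through the raw fallback and spans several lines, which a line-oriented log parser has to tolerate.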


B<fileserver>
S<<< [B<-auditlog> [<I<interface>>:]<I<path>>[<I<options>>]] >>>
S<<< [B<-audit-interface> <I<default interface>>] >>>
S<<< [B<-d> <I<debug level>>] >>>
S<<< [B<-p> <I<number of processes>>] >>>
S<<< [B<-spare> <I<number of spare blocks>>] >>>
S<<< [B<-pctspare> <I<percentage spare>>] >>>
S<<< [B<-b> <I<buffers>>] >>>
S<<< [B<-l> <I<large vnodes>>] >>>
S<<< [B<-s> <I<small vnodes>>] >>>
S<<< [B<-vc> <I<volume cachesize>>] >>>
S<<< [B<-w> <I<call back wait interval>>] >>>
S<<< [B<-cb> <I<number of call backs>>] >>>
S<<< [B<-banner>] >>>
S<<< [B<-novbc>] >>>
S<<< [B<-implicit> <I<admin mode bits: rlidwka>>] >>>
S<<< [B<-readonly>] >>>
S<<< [B<-admin-write>] >>>
S<<< [B<-hr> <I<number of hours between refreshing the host cps>>] >>>
S<<< [B<-busyat> <I<< redirect clients when queue > n >>>] >>>
S<<< [B<-nobusy>] >>>
S<<< [B<-rxpck> <I<number of rx extra packets>>] >>>
S<<< [B<-rxdbg>] >>>
S<<< [B<-rxdbge>] >>>
S<<< [B<-rxmaxmtu> <I<bytes>>] >>>
S<<< [B<-nojumbo>] >>>
S<<< [B<-jumbo>] >>>
S<<< [B<-rxbind>] >>>
S<<< [B<-allow-dotted-principals>] >>>
S<<< [B<-L>] >>>
S<<< [B<-S>] >>>
S<<< [B<-k> <I<stack size>>] >>>
S<<< [B<-realm> <I<Kerberos realm name>>] >>>
S<<< [B<-udpsize> <I<size of socket buffer in bytes>>] >>>
S<<< [B<-sendsize> <I<size of send buffer in bytes>>] >>>
S<<< [B<-abortthreshold> <I<abort threshold>>] >>>
S<<< [B<-enable_peer_stats>] >>>
S<<< [B<-enable_process_stats>] >>>
S<<< [B<-syslog> [<I< loglevel >>]] >>>
S<<< [B<-mrafslogs>] >>>
S<<< [B<-transarc-logs>] >>>
S<<< [B<-saneacls>] >>>
S<<< [B<-cve-2018-7168-enforce>] >>>
S<<< [B<-help>] >>>
S<<< [B<-vhandle-setaside> <I<fds reserved for non-cache io>>] >>>
S<<< [B<-vhandle-max-cachesize> <I<max open files>>] >>>
S<<< [B<-vhandle-initial-cachesize> <I<fds reserved for non-cache io>>] >>>
S<<< [B<-vattachpar> <I<number of volume attach threads>>] >>>
S<<< [B<-m> <I<min percentage spare in partition>>] >>>
S<<< [B<-lock>] >>>
S<<< [B<-vhashsize> <I<log(2) of number of volume hash buckets>>] >>>
S<<< [B<-offline-timeout> <I<timeout in seconds>>] >>>
S<<< [B<-offline-shutdown-timeout> <I<timeout in seconds>>] >>>
S<<< [B<-sync> <I<sync behavior>>] >>>
S<<< [B<-logfile> <I<log file>>] >>>
S<<< [B<-config> <I<configuration path>>] >>>