openafs/doc
Jeffrey Altman 8f1eba056f CVE-2018-7168 RXAFS_StoreACL deprecate 134 introduce 164
There exist in the wild AFS3 clients that improperly construct access
control lists which are then stored to directories via RXAFS_StoreACL
(opcode 134).  These clients add negative access control entries (if any)
to the normal rights list.

As there is no method by which a fileserver can determine that the
ACL is improperly constructed, the only method to defend the storage of
broken ACLs is to identify clients that are known to properly construct
ACLs by introducing a new RXAFS_StoreACL opcode (164).

This change:

 * Renames RXAFS opcode 134 to RXAFS_OldStoreACL

 * Introduces RXAFS opcode 164 as RXAFS_StoreACL

 * Implements SRXAFS_OldStoreACL and SRXAFS_StoreACL in the fileserver
   via a common_StoreACL() function that accepts the executed opcode
   as input.

 * To avoid breaking changes in stable release branches,
   SRXAFS_OldStoreACL will still be allowed by default, with an option
   to cause it to be failed by default with error EPERM/UAEPERM.
   A follow-up commit will cause SRXAFS_OldStoreACL to fail by default
   on the master branch.

 * When opcode 134 is called, a FileLog entry will be generated
   at log level 0 instead of 1 and the entry will contain the string
   "CVE-2018-7168".

 * Modifies the format of the ACL logged to the FileLog and the audit
   stream.  Previously the AFSOpaque format was used directly.  The
   problem with this format is that it uses newlines as the ACE
   separator.  Since the FileLog and file audit log are intended to
   be one line per log entry, the newlines break the file formats.
   This change replaces the newlines with spaces for display purposes
   unless the process is unable to allocate the additional memory.

 * Introduces a new fileserver command line switch -cve-2018-7168-enforce
   which when specified causes SRXAFS_OldStoreACL RPCs to be failed.

[kaduk@mit.edu: switch en/disable-by-default behavior and fix argument parsing]

Change-Id: Ic92ef45314d75fbc2b8ff574223fab2d398a1d60
FIXES: 134485
Reviewed-on: https://gerrit.openafs.org/12942
Reviewed-by: Jeffrey Altman <jaltman@auristor.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
2021-10-08 16:15:55 -04:00
doxygen    Cleanup vestiges of old shared library build directories   2020-03-05 21:53:26 -05:00
man-pages  CVE-2018-7168 RXAFS_StoreACL deprecate 134 introduce 164   2021-10-08 16:15:55 -04:00
pdf        initial-pdf-with-embedded-cmr-fonts-20010606               2001-06-06 18:58:13 +00:00
protocol   lwp: remove preemption support                             2016-05-05 12:51:14 -04:00
txt        rx: fix out-of-range value for RX_CONN_NAT_PING            2020-07-23 23:06:14 -04:00
xml        Remove NoAuth procedures from Admin Guide                  2021-06-11 03:14:58 -04:00
LICENSE    Rework the Kerberos Autoconf probes                        2010-06-15 16:30:04 -07:00
README     doc: relocate notes from arch to txt                       2017-08-03 20:44:28 -04:00

What's in the "doc" subdirectory

** doc/man-pages
POD sources for the man pages (converted from the original IBM HTML source).

** doc/xml
XML sources for the manuals (converted from the original IBM HTML source).
Note: doc/xml/AdminRef uses doc/xml/AdminRef/pod2refentry to convert the
POD man pages to XML for printing.  POD converts directly to HTML just fine.

** doc/pdf
Old Transarc (and possibly pre-Transarc) protocol and API documentation for
which we have no other source.

** doc/txt
Technical notes, Windows notes, and examples.

** doc/doxygen
Configuration files for the doxygen tool to generate documentation from
the annotated sources. See the 'dox' Makefile target in the top level
Makefile.