Bug #9612
closed
Run fsck with -z for ufs on upgrade to address FreeBSD-SA-19:10.ufs
100%
Description
Full details at https://www.freebsd.org/security/advisories/FreeBSD-SA-19:10.ufs.asc but long story short, on UFS filesystems uninitialized directory padding may contain a few bytes of content from kernel memory readable by anyone who can access a directory.
To clean it up, at boot time before mounting root, this must be run:
fsck -t ufs -f -p -T ufs:-z
We already have code to run fsck then, but we need to trigger this special run just once for everyone unconditionally on upgrade to a release containing the fix.
Updated by Renato Botelho about 5 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 7373049764f144b2ea7c891bd60760ab64b41160.
Updated by Jim Pingle about 5 years ago
- Target version changed from 2.5.0 to 2.4.5
Updated by Jim Pingle almost 5 years ago
- Status changed from Feedback to New
This fix does not appear to be getting triggered. There is no sign of the expected messages during the upgrade process.
Updated by Renato Botelho almost 5 years ago
- Status changed from New to Feedback
Applied in changeset 4e8c5dfa5be3f5a0725728cba2f7fa1d0f92e860.
Updated by Jim Pingle almost 5 years ago
- Status changed from Feedback to Resolved
Looks good on 2.4.5 and 2.5.0 now. I see the message when the rc package is upgraded, and the expected messages and fsck output during the upgrade process. The expected files are present afterward showing that the fix was applied.