A Security Vulnerability in the Solaris 10 Loopback FileSystem (LOFS) May Allow Files in a Non-global Zone to be Moved or Renamed From a Read-Only Filesystem



Category: Security
Release Phase: Resolved
Product: Solaris 10 Operating System
Bug Id: 6366432
Date of Resolved Release: 01-FEB-2007


Impact

Local privileged users inside a non-global zone may be able to move or rename files which are part of a read-only mounted loopback file system (see lofs(7FS)). This filesystem may be shared with the global zone, which would result in the files being removed from the global zone also.  This can result in a Denial of Service (DoS) to the non-global zone and the global zone.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 10 without patch 118833-28

x86 Platform

  • Solaris 10 without patch 118855-28

Note: Solaris 8 and Solaris 9 are not impacted by this issue.

This issue only impacts systems which have non-global zones configured with the read-only LOFS root filesystem using the root filesystem of the global zone as the underlying filesystem.

To determine if a system is configured with non-global zones utilizing read-only loopback filesystems, the following commands can be run from the global zone:

1. Display the name of the current zones on the system:

    $ zoneadm list -cv
    ID NAME             STATUS         PATH                          
    0 global           running        /                             
    2 localzone1       running        /zones/localzone1
    3 localzone2       running        /export/localzone2

2. Search the mounted file system table file (mnttab(4)) for read-only and loopback entries for the path to the non-global zones (as listed under the "PATH" heading above):

    $ egrep "(/zones/localzone1|/export/localzone2).*lofs.*ro" /etc/mnttab
    /lib - /zones/localzone1/root/lib lofs - no ro,nodevices,nosub
    /usr - /export/localzone2/root/usr lofs - no ro,nodevices,nosub

Any pathname which is found by the egrep(1) command is affected by this issue.
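
The two steps above combined into one check, as an added example that is not part of the original Sun Alert. The function name `ro_lofs_under_zones` is hypothetical; the code assumes a POSIX shell and awk, zone paths without spaces, and a mount table in which the mount point immediately precedes the file system type (which covers the sample output above).

```shell
#!/bin/sh
# Added example. Needs a POSIX shell and awk; on Solaris 10 that means
# /usr/xpg4/bin/sh (or ksh) and nawk or /usr/xpg4/bin/awk on the PATH as awk.

# ro_lofs_under_zones ZONEADM_OUTPUT MOUNT_TABLE
# Prints the mount point of every read-only lofs entry that lies under the
# path of a non-global zone.
ro_lofs_under_zones() {
    # Step 1: PATH column (4th) of `zoneadm list -cv`, skipping the header
    # line and the global zone. Zone paths are assumed to contain no spaces.
    zones=$(printf '%s\n' "$1" |
        awk 'NR > 1 && $2 != "global" { printf "%s ", $4 }')

    # Step 2: scan the mount table for lofs entries below those paths.
    printf '%s\n' "$2" | awk -v zones="$zones" '
        BEGIN { n = split(zones, zp, " ") }
        {
            t = 0
            for (i = 2; i <= NF; i++) if ($i == "lofs") { t = i; break }
            if (t == 0) next
            mnt = $(t - 1)            # mount point precedes the fs type
            hit = 0
            for (k = 1; k <= n; k++)
                if (index(mnt, zp[k] "/") == 1) hit = 1
            if (!hit) next
            # Accept "ro" only as a whole comma-separated option.
            for (j = t + 1; j <= NF; j++) {
                m = split($j, opt, ",")
                for (o = 1; o <= m; o++)
                    if (opt[o] == "ro") { print mnt; next }
            }
        }'
}

# On a live global zone, feed the real data in.
if command -v zoneadm >/dev/null 2>&1; then
    ro_lofs_under_zones "$(zoneadm list -cv)" "$(cat /etc/mnttab)"
fi
```

Every path printed corresponds to an entry the egrep(1) step would report, with `ro` matched as a whole mount option instead of a substring.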


Symptoms

If this issue has been exploited, the user may notice files missing or moved out of the affected filesystem, either in the global zone or in the non-global zone. Services which depend on these files may no longer be available.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 10 with patch 118833-28 or later

x86 Platform

  • Solaris 10 with patch 118855-28 or later






Article Details
Article ID : 201291
Article Type : Sun Alert
Last reviewed : 2007-02-08
Audience : PUBLIC