From owner-doc-jp@jp.freebsd.org  Wed Apr  4 05:03:57 2001
Date: Wed, 04 Apr 2001 04:57:25 +0900 (JST)
Message-Id: <20010404.045725.85414621.hrs@eos.ocn.ne.jp>
To: doc-jp@jp.freebsd.org
From: Hiroki Sato <hrs@eos.ocn.ne.jp>
In-Reply-To: <200103222112.f2MLCWm14901@freefall.freebsd.org>
References: <200103222112.f2MLCWm14901@freefall.freebsd.org>
X-Mailer: Mew version 1.95b101 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Multipart/Mixed;
 boundary="--Next_Part(Wed_Apr__4_04:57:25_2001_788)--"
Content-Transfer-Encoding: 7bit
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+010328
X-Sequence: doc-jp 8120
Subject: [doc-jp 8120] Re: ANNOUNCE: FreeBSD Security Advisory FreeBSD-SA-01:30.ufs-ext2fs
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: hrs@eos.ocn.ne.jp

----Next_Part(Wed_Apr__4_04:57:25_2001_788)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit

$B:4F#!wEl5~M}2JBg3X$G$9!#(B

 01:30 $B$G$9!#(B

--
| $B:4F#(B $B9-@8!wEl5~M}2JBg3X(B <hrs@eos.ocn.ne.jp>
|                         <hrs@FreeBSD.org> (FreeBSD Project)

----Next_Part(Wed_Apr__4_04:57:25_2001_788)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Disposition: inline; filename="01:30"
Content-Transfer-Encoding: 7bit


FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG(B
=============================================================================
FreeBSD-SA-01:30 (2001-03-22)
 * UFS/EXT2FS allows disclosure of deleted data
=============================================================================

 $B$3$N%a!<%k$O(B, announce-jp $B$KN.$l$?(B

  Subject: ANNOUNCE: FreeBSD Security Advisory FreeBSD-SA-01:30.ufs-ext2fs
  From: FreeBSD Security Advisories <security-advisories@FreeBSD.org>
  Date: Thu, 22 Mar 2001 13:12:32 -0800 (PST)
  Message-Id: <200103222112.f2MLCWm14901@freefall.freebsd.org>
  X-Sequence: announce-jp 726

 $B$rF|K\8lLu$7$?$b$N$G$9(B. 

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
 $B=$@5%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B=pL>$N(B
 $B%A%'%C%/$r9T$J$&$K$O(B, $B86J8$r;2>H$7$F$/$@$5$$(B. 

 $BF|K\8lLu$*$h$S(B, $B%_%i!<%5%$%HMxMQ$N>\:Y$K$D$$$F$O(B, $BJ8Kv$N!V(BA. FreeBSD
 $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F!W$r$4Mw$/$@$5$$(B.


                                     [$BK]Lu<T(B: $B:4F#(B $B9-@8(B <hrs@jp.FreeBSD.org>]
--($B$3$3$+$i(B)

=============================================================================
FreeBSD-SA-01:30                                           Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:	UFS/EXT2FS allows disclosure of deleted data

$BJ,N`(B:		kernel
$B%b%8%e!<%k(B:	ufs/ext2fs
$B9pCNF|(B:		2001-03-22
$B%/%l%8%C%H(B:	Sven Berkvens <sven@berkvens.net>, Marc Olzheim <zlo@zlo.nu>
$B1F6AHO0O(B:       FreeBSD 3.x, 4.x. $B$N$9$Y$F$N%j%j!<%9(B
                $B=$@5F|0JA0$N(B FreeBSD 3.5-STABLE
                $B=$@5F|0JA0$N(B FreeBSD 4.2-STABLE
$B=$@5F|(B:		2000-12-22 (FreeBSD 3.5-STABLE)
                2000-12-22 (FreeBSD 4.2-STABLE)
FreeBSD $B$K8GM-$+(B:	NO


I.   $BGX7J(B - Background

UFS is the Unix File System, used by default on FreeBSD systems and
many other UNIX variants.  EXT2FS is a filesystem used by default on
many Linux systems, which is also available on FreeBSD.

UFS $B$O(B Unix File System $B$NN,$G(B, FreeBSD $B%7%9%F%`$*$h$S(B, $BB>$N(B
$BB?$/$N(B Unix $BM3Mh$N%7%9%F%`$K$*$$$FI8=`$G;HMQ$5$l$F$$$^$9(B.
$B$^$?(B, EXT2FS $B$OB?$/$N(B Linux $B%7%9%F%`$K$*$$$FI8=`$G;HMQ$5$l$F$$$k(B
$B%U%!%$%k%7%9%F%`$G(B, FreeBSD $B$G$bMxMQ2DG=$G$9(B.


II.  $BLdBj$N>\:Y(B - Problem Description

There exists a data consistency race condition which allows users to
obtain access to areas of the filesystem containing data from deleted
files.  The filesystem code is supposed to ensure that all filesystem
blocks are zeroed before becoming available to user processes, but in
a certain specific case this zeroing does not occur, and unzeroed
blocks are passed to the user with their previous contents intact.
Thus, if the block contains data which used to be part of a file or
directory to which the user did not have access, the operation results
in unauthorized access of data.

$B$3$l$i$N%U%!%$%k%7%9%F%`$K$O(B, $B%G!<%?$N0l4S@-$rB;$J$&$h$&$J6%9g>uBV$,(B
$BB8:_$7$^$9(B.  $B$3$l$K$h$j%f!<%6$O(B, $B%U%!%$%k%7%9%F%`Cf$N(B
$B:o=|:Q$_%U%!%$%k$N%G!<%?$,4^$^$l$kNN0h$K%"%/%;%9$9$k$3$H$,2DG=$G$9(B.

$B%U%!%$%k%7%9%F%`$N%3!<%I$G$O(B, $B%f!<%6%W%m%;%9$,?7$7$/MxMQ$9$k(B
$B%V%m%C%/$r$9$Y$F(B 0 $B$G=i4|2=$9$k$h$&$K$J$C$F$$$k$N$G$9$,(B,
$B$"$kFCDj$N>u672<$G$O$3$N(B 0 $B$K$h$k=i4|2=$,9T$J$o$l$:(B, $B0JA0$N%G!<%?$,(B
$B;D$C$?$^$^$N=i4|2=$5$l$F$$$J$$%V%m%C%/$,%f!<%6$KEO$5$l$F$7$^$$$^$9(B.
$B$b$7$=$N%V%m%C%/$,(B, $B%f!<%6$,%"%/%;%98"8B$r;}$?$J$$$h$&$J(B
$B%U%!%$%k$d%G%#%l%/%H%j$N0lIt$H$7$F;H$o$l$F$$$k>l9g(B,
$B$3$NF0:n$O%G!<%?$X$NIT@5$J%"%/%;%9$r5v$9860x$H$J$j$^$9(B.

All versions of FreeBSD 3.x and 4.x prior to the correction date
including 3.5.1-RELEASE and 4.2-RELEASE are vulnerable to this
problem.  This problem is not specific to FreeBSD systems and is
believed to exist on many filesystems.

FreeBSD 3.5.1-RELEASE $B$*$h$S(B 4.2-RELEASE $B$r4^$`(B, $B=$@5F|0JA0$N$9$Y$F$N(B
FreeBSD 3.x $B$*$h$S(B 4.x $B$,(B, $B$3$NLdBj$K$h$k<eE@$N1F6A$r<u$1$^$9(B. 
$B$^$?(B, $B$3$NLdBj$O(B FreeBSD $B%7%9%F%`$K8GM-$N$b$N$G$O$J$/(B, $B$[$H$s$I$N(B
$B%U%!%$%k%7%9%F%`$KB8:_$9$k$H9M$($i$l$F$$$^$9(B.

This problem was corrected prior to the forthcoming release of FreeBSD
4.3.

$B$3$NLdBj$O(B, $B%j%j!<%9$,M=Dj$5$l$F$$$k(B FreeBSD 4.3 $B$N8x3+A0$K=$@5$5$l$^$7$?(B.


III. $B1F6AHO0O(B - Impact

Unprivileged users may obtain access to data which was part of deleted
files.

$B9b$$8"8B$r;}$?$J$$%f!<%6$O(B, $B:o=|:Q$_$N%U%!%$%k$K4^$^$l$F$$$?%G!<%?$K(B
$B%"%/%;%9$9$k$3$H$,2DG=$G$9(B.


IV.  $B2sHrJ}K!(B - Workaround

None appropriate.

$BM-8z$J2sHrJ}K!$O$"$j$^$;$s(B.


V.   $B2r7h:v(B - Solution

Upgrade your vulnerable FreeBSD system to 3.5-STABLE or 4.2-STABLE
after the respective correction dates.

FreeBSD $B%7%9%F%`$r=$@5F|0J9_$N(B 4.2-STABLE $B$b$7$/$O(B 3.5-STABLE
$B$K%"%C%W%0%l!<%I$7$^$9(B.

To patch your present system: download the relevant patch from the
below location, and execute the following commands as root:

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:30/fs.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:30/fs.patch.asc

Verify the detached PGP signature using your PGP utility.
PGP $B%f!<%F%#%j%F%#$r;H$C$F(B PGP $B=pL>$r3NG'$7$^$9(B.

This patch has been verified to apply against FreeBSD 3.5.1-RELEASE,
FreeBSD 4.1.1-RELEASE and FreeBSD 4.2-RELEASE.  It may or may not
apply to older, unsupported releases.

$B$3$N=$@5%Q%C%A$O(B FreeBSD 4.1.1-RELEASE, 4.2-RELEASE $B$*$h$S(B 3.5.1-RELEASE $B$K(B
$BE,MQ2DG=$J$3$H$,3NG'$5$l$F$$$^$9(B.  $B$=$l$h$j8E$$%j%j!<%9$KBP$7$F(B
$BE,MQ2DG=$+$I$&$+$O3NG'$5$l$F$$$^$;$s(B.

# cd /usr/src
# patch -p < /path/to/patch

Rebuild and reinstall your kernel as described in the FreeBSD handbook
at the following URL:

  http://www.freebsd.org/handbook/kernelconfig.html

and reboot for the changes to take effect.
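
The fetch, verify and apply steps above, combined into one fail-closed helper. This is an added example, not part of the advisory: it uses GnuPG as the "PGP utility", and the function names, the `-p0` spelling of `patch -p`, and the pinned signer fingerprint argument are assumptions.

```sh
#!/bin/sh
# Added example, not part of the advisory. GnuPG stands in for "your PGP
# utility"; function names and the fingerprint argument are assumptions.

# verify_patch PATCH SIG FPR
# Returns 0 only if SIG is a valid detached signature over PATCH made by the
# key whose fingerprint is FPR (key must already be in the local keyring).
verify_patch() {
    patch_file=$1 sig_file=$2 want_fpr=$3
    [ -s "$patch_file" ] && [ -s "$sig_file" ] && [ -n "$want_fpr" ] || return 1
    command -v gpg >/dev/null 2>&1 || return 1   # no verifier: fail closed
    status=$(gpg --batch --status-fd 1 --verify "$sig_file" "$patch_file" \
             2>/dev/null) || return 1
    # Do not trust the exit code alone: require a VALIDSIG status line whose
    # signing-key or primary-key fingerprint is the pinned one.
    printf '%s\n' "$status" | awk -v f="$want_fpr" '
        $2 == "VALIDSIG" && ($3 == f || $NF == f) { ok = 1 }
        END { exit !ok }'
}

# apply_verified PATCH SIG SRCDIR FPR
# Runs patch in SRCDIR only after verify_patch succeeds; on any failure the
# source tree is left untouched and a non-zero status is returned.
apply_verified() {
    if ! verify_patch "$1" "$2" "$4"; then
        echo "signature check failed, not applying $1" >&2
        return 1
    fi
    # -p0 is the explicit spelling of the advisory's "patch -p" (assumption
    # for current patch(1)); stdin is opened before the cd.
    ( cd "$3" && patch -p0 ) < "$1"
}

# Usage on the affected host, after the two fetch commands:
#   apply_verified fs.patch fs.patch.asc /usr/src "$SIGNER_FPR"
# where SIGNER_FPR is the signer's fingerprint (uppercase hex, no spaces)
# obtained from a trusted source (placeholder; not listed in this text).
```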

$B=$@5%Q%C%A$rE,MQ$7$?$i(B, $B0J2<$N(B URL $B$K$"$k(B FreeBSD $B%O%s%I%V%C%/$N(B
$B5-=R$K$7$?$,$C$F%+!<%M%k$r:F9=C[$7(B, $B%$%s%9%H!<%k$7$^$9(B.
$B$=$7$F=$@5$rM-8z$K$9$k$?$a(B, $B%7%9%F%`$r:F5/F0$7$F$/$@$5$$(B.


A.   FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F(B

$BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,(B
$B;29M$N$?$a$KDs6!$9$k$b$N$G$9(B.  $B2a5n$NF|K\8lHG%;%-%e%j%F%#4+9p$O(B

 http://www.FreeBSD.org/ja/security/

$B$K$^$H$a$i$l$F$$$^$9(B.  

$B$?$@$7(B, $BK]Lu<T$*$h$S(B doc-jp $B$O(B, $B$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b(B
$B$$$?$7$^$;$s$N$G$4Cm0U$/$@$5$$(B.  $BF|K\8lLu$K$D$$$F$N$40U8+(B, $B$4MWK>(B,
$B$*Ld$$9g$o$;Ey$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9(B.

$B$3$N4+9p$NCf$G>R2p$5$l$F$$$k(B WWW $B%5%$%H(B http://www.FreeBSD.org/ $B$*$h$S(B
FTP $B%5%$%H(B ftp://ftp.FreeBSD.org/ $B$K$O(B, $BF|K\$N%_%i!<%5%$%H$,B8:_$7$^$9(B.
$B%M%C%H%o!<%/$N:.;($r4KOB$9$k$?$a(B, $B$^$:$O%_%i!<%5%$%H$NMxMQ$r(B
$B9MN8$9$k$h$&$*4j$$$7$^$9(B.

$BF|K\$N%_%i!<%5%$%H$rMxMQ$9$k$K$O(B,
http://www.FreeBSD.org/ $B$r(B http://www.jp.FreeBSD.org/www.freebsd.org/ $B$K(B,
ftp://ftp.FreeBSD.org/ $B$r(B ftp://ftp.jp.FreeBSD.org/ $B$K(B,
$B$=$l$>$lCV$-49$($F$/$@$5$$(B.

$BB>$NCO0h$r4^$`(B, $B%_%i!<%5%$%H$K4X$9$k>\:Y$O(B,

 http://www.FreeBSD.org/handbook/mirror.html ($B1QJ8(B)
 http://www.FreeBSD.org/ja/handbook/mirror.html ($BF|K\8lLu(B)

$B$K$^$H$a$i$l$F$$$^$9(B.

$hrs: announce-jp/FreeBSD-SA/01:30,v 1.1 2001/04/03 19:50:57 hrs Exp $

----Next_Part(Wed_Apr__4_04:57:25_2001_788)----
