65424 – (CVE-2005-2801) L3: VUL-0: CVE-2005-2801: kernel: Default ACLs disappear

Bug 65424 (CVE-2005-2801) - L3: VUL-0: CVE-2005-2801: kernel: Default ACLs disappear

Summary: L3: VUL-0: CVE-2005-2801: kernel: Default ACLs disappear

Status:	RESOLVED FIXED

Alias:	CVE-2005-2801

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	All Linux

Priority:	P3 - Medium Severity: Critical
Target Milestone:	---
Assignee:	Rolf Schmidt
QA Contact:	Security Team bot

URL:
Whiteboard:	CVE-2005-2801: CVSS v2 Base Score: 5....
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2005-02-02 20:35 UTC by Andreas Gruenbacher
Modified:	2021-11-02 16:37 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	Other
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Proposed fix (7.10 KB, patch) 2005-02-02 21:44 UTC, Andreas Gruenbacher	Details \| Diff
This fixes the real problem (1.96 KB, patch) 2005-02-06 02:06 UTC, Andreas Gruenbacher	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Gruenbacher 2005-02-02 20:35:24 UTC

We have a race in ext2/ext3 extended attribute sharing that has been reported to
show as default ACLs that disappear under specific circumstances. We haven't had
bug reports against SLES8 or SLES9 so far, and I was assuming that this did not
trigger, but now I have a bug report from Grant Bigham from IBM; he has
triggered it on SLES8. (The bug was fixed in the mainline kernel in December.)

This will probably become an L3 case. I'm already working on a minimal fix for
SLES8 and SLES9 SP1; for SP2 we might want to have the "proper" fix instead.

Comment 1 Andreas Gruenbacher 2005-02-02 21:44:05 UTC

Created attachment 28134 [details]
Proposed fix

This is a minimal fix that will somewhat slow down ext2 and ext3, but should
suffice to fix the race. I'm testing this fix now.

Comment 2 Marcus Meissner 2005-02-03 17:46:29 UTC

this affects older releases too, right?

Comment 3 Andreas Gruenbacher 2005-02-03 17:59:53 UTC

Yes, SLES8 and SLES9 are affected. The fix in comment 1 didn't fix the problem
for Grant. That was on an s390, but the bug has been reproduced on i386 with
2.6.10 mainline before, so I'll try to collect more debug information there first.

Comment 4 Andreas Gruenbacher 2005-02-06 02:06:51 UTC

Created attachment 28230 [details]
This fixes the real problem

In order not to run into the other bugs that Andrew Tridgell triggered, we
should apply the patches in both attachments.

Comment 5 Andreas Gruenbacher 2005-02-07 18:29:11 UTC

Note that the fix from comment 1 only fixes the mbcache race, but does not
address the journal_release_buffer journal accounting bug. The
journal_release_buffer bug is even more unlikely to trigger, and I'd prefer not
to fix it at all without any customer bug reports.

Comment 6 Andreas Gruenbacher 2005-02-07 18:42:52 UTC

Ralf, I need your decision concerning the fix in comment 1: IMO it is safe, but
the change is too fundamental to release without having QA run a bunch of ACL
tests on it.

Comment 11 Holger Hetterich 2005-02-11 23:18:12 UTC

Reassigning to agruen. Andreas, can you please create the mentioned PTF as an
mbuild?

Comment 21 Andreas Gruenbacher 2005-03-09 13:59:45 UTC

This issue is already fixed in all relevant branches.

Comment 23 Marcus Meissner 2005-04-14 11:29:40 UTC

i released this fix with a security update already.

Comment 24 Rolf Schmidt 2005-04-27 14:29:29 UTC

Issue is resolved. STTS Ticket closed.

Comment 25 Ludwig Nussel 2005-09-09 11:43:30 UTC

CAN-2005-2801

Comment 26 Thomas Biege 2009-10-13 21:03:31 UTC

CVE-2005-2801: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)