Bug#940848: nfs-utils:CVE-2019-3689: root-owned files stored in insecure /var/lib/nfs
Hi,
I submitted the following patch to address this issue:
https://salsa.debian.org/debian/nfs-utils/merge_requests/3/diffs
The source part of the fix was also submitted at:
https://bugzilla.linux-nfs.org/show_bug.cgi?id=338
I intend to push it to LTS/ELTS; I can also prepare an upload for
stable/oldstable if security-team wishes so.
What do you think?
To test:
pp/post_install_checknfs.sh:
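#!/bin/sh -ex
if [ -e /var/lib/nfs ]; then
    ls -ld /var/lib/nfs
    # Skip the check unless the package version under test is installed
    if [ "$(dpkg -l | grep ' nfs-common ' | awk '{print $3}')" != '1:1.3.4-2.6' ]; then
        exit 0
    fi
    # Fail if /var/lib/nfs is not owned by root:root
    if [ "$(stat -c '%U:%G' /var/lib/nfs)" != 'root:root' ]; then
        exit 1
    fi
fi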
sudo piuparts -d bullseye nfs-utils_1.3.4-2.6_amd64.changes \
    --scriptsdir=$(pwd)/pp
sudo piuparts -d bullseye nfs-utils_1.3.4-2.6_amd64.changes \
    --scriptsdir=$(pwd)/pp --install-remove-install
Mount NFS with v3 mode to force statd:
$ sudo service rpcinfo stop
$ sudo service rpcinfo start
$ sudo mount -t nfs -o vers=3 127.0.0.1:/media/nfs /mnt/t
$ ps aux | grep statd
Ensure rpc.statd runs as 'statd' (not 'root').
Cheers!
Sylvain Beucler
Debian LTS Team
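
The last manual step of the test procedure above (reading the `ps` output by eye) can be scripted. This is an added example, not part of the original message or of the Debian patch; the function name and the sample process lists are constructed, and the input format assumed is that of `ps -eo user=,comm=`.

```shell
#!/bin/sh
# Added example: automate the "rpc.statd runs as 'statd' (not 'root')" check.
# Input on stdin: one "USER COMMAND" pair per line, as printed by
#   ps -eo user=,comm=
# Matching the command name exactly avoids the false hit that
# "ps aux | grep statd" gets from the grep process itself.
#
# Return codes:
#   0 = every rpc.statd process runs as the expected user
#   1 = at least one rpc.statd process runs as another user (e.g. root)
#   2 = no rpc.statd process found (the NFSv3 mount did not start statd)
statd_owner_check() {
    expected=${1:-statd}
    awk -v want="$expected" '
        $2 == "rpc.statd" {
            seen = 1
            if ($1 != want) { bad = 1; print "rpc.statd running as " $1 }
        }
        END {
            if (!seen) { print "rpc.statd not running"; exit 2 }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample process lists (not captured from a real system).
SAMPLE_STATD='root systemd
_rpc rpcbind
statd rpc.statd'

SAMPLE_ROOT='root systemd
_rpc rpcbind
root rpc.statd'

# Offline demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_STATD" | statd_owner_check statd && echo "sample 1: ok"
printf '%s\n' "$SAMPLE_ROOT" | statd_owner_check statd || echo "sample 2: rejected"

# On a live test machine, after the NFSv3 mount:
#   ps -eo user=,comm= | statd_owner_check statd
```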