ailiopoulos/nfs-utils
SHA256
1
0
Fork 0
forked from pool/nfs-utils
Code Pull Requests Activity

- Don't make /var/lib/nfs owned by statd.

Browse Source 
Only sm sm.bak and state need to be accessible by
  statd.  Providing they get created, the parent
  directory can be root-owned.
  (bsc#1150733 CVE-2019-3689)

OBS-URL: https://build.opensuse.org/package/show/Base:System/nfs-utils?expand=0&rev=206
This commit is contained in:
Neil Brown 2019-09-16 23:45:23 +00:00 committed by Git OBS Bridge
parent 9571d78718
commit 2c42cd5b0d
2 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
nfs-utils.changes
View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Mon Sep 16 23:43:37 UTC 2019 - Neil Brown <nfbrown@suse.com>
- Don't make /var/lib/nfs owned by statd.
Only sm sm.bak and state need to be accessible by
statd. Providing they get created, the parent
directory can be root-owned.
(bsc#1150733 CVE-2019-3689)
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Sep 16 05:56:12 UTC 2019 - Neil Brown <nfbrown@suse.com> Mon Sep 16 05:56:12 UTC 2019 - Neil Brown <nfbrown@suse.com>

2
nfs-utils.spec
View File

@ -344,7 +344,7 @@ fi
%{_mandir}/man8/blkmapd.8%{ext_man} %{_mandir}/man8/blkmapd.8%{ext_man}
%{_mandir}/man8/rpc.svcgssd.8%{ext_man} %{_mandir}/man8/rpc.svcgssd.8%{ext_man}
%{_fillupdir}/sysconfig.nfs %{_fillupdir}/sysconfig.nfs
%attr(0711,statd,nogroup) %dir %{_localstatedir}/lib/nfs %dir %{_localstatedir}/lib/nfs
%dir %{_localstatedir}/lib/nfs/rpc_pipefs %dir %{_localstatedir}/lib/nfs/rpc_pipefs
%dir %{_localstatedir}/lib/nfs/v4recovery %dir %{_localstatedir}/lib/nfs/v4recovery
%attr(0700,statd,nogroup) %dir %{_localstatedir}/lib/nfs/sm %attr(0700,statd,nogroup) %dir %{_localstatedir}/lib/nfs/sm