|Version 8 (modified by 3 years ago) ( diff ),|
There is a vulnerability in all Linux kernels at the time of this writing that allows remote attackers to mark the ext2 or ext3 filesystem exported via NFS as dirty and needing recovery. A working exploit is available from http://bugzilla.kernel.org/show_bug.cgi?id=6828. If the ext2 or ext3 filesystem is mounted with a non-default "errors=remount-ro" or "errors=panic" option, the attacker will be able to cause it to be remounted read-only on the server, or cause a filesystem panic, respectively. Without those options, the journal is turned off.
Any of the following methods is sufficient to resolve the problem:
- Don't export ext2 and ext3 filesystems via NFS (even read-only) if there is a possibility that the exploit will be used against your server. Use any other filesystem instead of ext2 or ext3.
- Don't use the kernel-space NFS server. A userspace NFSv3 server is available from http://unfs3.sourceforge.net/ and can be installed instead of NFS Utilities.
- Upgrade the kernel to version 2.6.16.x with x >= 29, or 2.6.17.x with x >= 11
I'm not sure but I think the MD5-Checksum for nfs-utils-1.0.10 form the stable blfs is incorrect. I got 1949634d0dc896696d8a880bdca622c8 with the Source form kernel.org and with the soruce from http://surfnet.dl.sourceforge.net/sourceforge/nfs/ which I got from SourceForge.
Because of chown during the install, DESTDIR only works if run as root.