Date:      Thu, 4 Jun 2020 18:19:17 +0000 (UTC)
From:      Kyle Evans <kevans@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r361800 - head
Message-ID:  <202006041819.054IJH4D085223@repo.freebsd.org>

Author: kevans
Date: Thu Jun  4 18:19:16 2020
New Revision: 361800
URL: https://svnweb.freebsd.org/changeset/base/361800

Log:
  RELNOTES and UPDATING: Document the new policy on read(2) of dirfd
  
  These changes have been completely flushed as of r361799; note it.

Modified:
  head/RELNOTES
  head/UPDATING

Modified: head/RELNOTES
==============================================================================
--- head/RELNOTES	Thu Jun  4 18:17:25 2020	(r361799)
+++ head/RELNOTES	Thu Jun  4 18:19:16 2020	(r361800)
@@ -10,8 +10,17 @@ newline.  Entries should be separated by a newline.
 
 Changes to this file should not be MFCed.
 
-r361238:
-	ZFS will now reject read(2) of a dirfd with EISDIR.
+r361238, r361798, r361799:
+	ZFS will now unconditionally reject read(2) of a directory with EISDIR.
+	Additionally, read(2) of a directory is now rejected with EISDIR by
+	default and may be re-enabled for non-ZFS filesystems that allow it with
+	the sysctl(8) MIB 'security.bsd.allow_read_dir'.
+
+	Aliases for grep to default to '-d skip' may be desired if commonly
+	non-recursively grepping a list that includes directories and the
+	possibility of EISDIR errors in stderr is not tolerable.  Example
+	aliases, commented out, have been installed in /root/.cshrc and
+	/root/.shrc.
 
 r361066:
 	Add exec.prepare and exec.release hooks for jail(8) and jail.conf(5).
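Review bot: The new RELNOTES paragraph on 'security.bsd.allow_read_dir' omits the conditions that the UPDATING entry in this same commit states, namely that re-enabling applies to system root only and depends on security.bsd.suser_enabled=1. A reader who sees only RELNOTES could conclude that the sysctl restores directory read(2) for all users. Suggest carrying the same qualifier here, for example "may be re-enabled for system root only on non-ZFS filesystems that allow it". The entry also mixes "dirfd" (commit log, old text) and "directory" (new text); using one term in both files would help.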

Modified: head/UPDATING
==============================================================================
--- head/UPDATING	Thu Jun  4 18:17:25 2020	(r361799)
+++ head/UPDATING	Thu Jun  4 18:19:16 2020	(r361800)
@@ -26,6 +26,18 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW:
 	disable the most expensive debugging functionality run
 	"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
 
+20200604:
+	read(2) of a directory fd is now rejected by default.  root may
+	re-enable it for system root only on non-ZFS filesystems with the
+	security.bsd.allow_read_dir sysctl(8) MIB if
+	security.bsd.suser_enabled=1.
+
+	It may be advised to setup aliases for grep to default to `-d skip` if
+	commonly non-recursively grepping a list that includes directories and
+	the potential for the resulting stderr output is not tolerable.  Example
+	aliases are now installed, commented out, in /root/.cshrc and
+	/root/.shrc.
+
 20200523:
 	Clang, llvm, lld, lldb, compiler-rt, libc++, libunwind and openmp have
 	been upgraded to 10.0.1.  Please see the 20141231 entry below for
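Review bot: In the 20200604 entry, the sentence "root may re-enable it for system root only on non-ZFS filesystems with the security.bsd.allow_read_dir sysctl(8) MIB if security.bsd.suser_enabled=1" names the MIB but not the value to set, and stacks three conditions in one clause; splitting it and stating the setting explicitly would make the opt-in harder to misread. Two style points in the second paragraph: "setup aliases" should be "set up aliases", and `-d skip` is quoted with backticks here while RELNOTES uses single quotes for the same string.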


