From owner-freebsd-pkg@freebsd.org Sun Jul 5 23:56:45 2020
From: Dewayne Geraghty
To: Shawn Webb, Baptiste Daroussin
Cc: pkg@freebsd.org, dev@hardenedbsd.org
Subject: Re: Filesystem extended attributes support
Date: Mon, 6 Jul 2020 09:54:40 +1000
In-Reply-To: <20200705111538.axuh3ohdpqkb74ym@mutt-hbsd>
References: <20200704141345.xwdf2ckxak2hfpkh@mutt-hbsd> <20200704201100.lkcde42gtlgspwpr@ivaldir.net> <20200705111538.axuh3ohdpqkb74ym@mutt-hbsd>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:68.0) Gecko/20100101 Thunderbird/68.8.0
List-Id: Binary package management and package tools discussion
X-List-Received-Date: Sun, 05 Jul 2020 23:56:45 -0000

On 5/07/2020 9:15 pm, Shawn Webb wrote:
>
> Sounds good. Thanks for the positive response. I might try to upstream
> the tmpfs patch as well, but I'm not sure I've got the locking right,
> yet. It's my first time working on a filesystem of any sort, and I'm
> not confident I got it right on the first try. Time will tell.
>
> With extended attribute support, pkg could also store a hash of the
> file as an extended attribute. One could use that as a method to
> determine whether changes have been made. Think: application integrity
> enforcement.
>
> So filesystem extended attribute support may have virtues outside of
> HardenedBSD's exploit mitigation toggling use case.
>
> Thanks,
>

I like your thinking and appreciate you going to the effort to migrate
features from HardenedBSD. I look forward to testing with samba, which
normally uses the system, security and user namespaces; but we (i.e.
Timur) have patched samba to use the user namespace, as that is all that
can be manipulated within the jail context.

Re: extattr. Though it might be better to store a signed hash of the file
within the extended attribute as root. Reasoning is that applications
running as non-root that have access to files may, if hacked, change the
hash. (Assumes only root has access to the signing key.) ;) Used in
combination with mac.portacl is a sleep-easy approach. :)

I am concerned for those that build their own packages that use
archivers/libarchive. E.g.

# ldd `which pkg`
/usr/local/sbin/pkg:
        libelf.so.2 => /lib/libelf.so.2 (0x800881000)
        libjail.so.1 => /lib/libjail.so.1 (0x80089a000)
        libarchive.so.13 => /usr/local/lib/libarchive.so.13 (0x8008a2000)
        libbz2.so.4 => /usr/lib/libbz2.so.4 (0x800b60000)
...

as any patch may need to be applied there as well.

Kind regards, Dewayne.
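The point about a plain hash versus a signed hash in a user-namespace attribute, as an added example (not pkg code and not from anyone in the thread): a process that can write the file can usually rewrite a user.* attribute too, so an unsigned digest proves nothing, while a tag made with a key only root holds cannot be refreshed by the tampering process. HMAC-SHA256 stands in for the public-key signature the thread proposes so this runs with the standard library; the attribute name and key are constructed, and where os.setxattr is unavailable or unsupported an in-memory dict stands in for the attribute store.

```python
"""Signed file digest stored in an extended attribute (added example)."""
import hashlib
import hmac
import os
import tempfile

XATTR_NAME = b"user.pkg.integrity"   # constructed name in the user namespace
_fallback_store = {}                  # stand-in store when xattrs are unavailable


def set_attr(path, value):
    """Write the attribute: real xattr where supported, dict otherwise."""
    try:
        os.setxattr(path, XATTR_NAME, value)
    except (AttributeError, OSError):   # no os.setxattr, or fs without user xattrs
        _fallback_store[path] = value


def get_attr(path):
    try:
        return os.getxattr(path, XATTR_NAME)
    except (AttributeError, OSError):
        return _fallback_store.get(path)


def file_digest(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).digest()


def seal(path, key):
    """Done as root at install time: store digest || HMAC(key, digest)."""
    digest = file_digest(path)
    set_attr(path, digest + hmac.new(key, digest, hashlib.sha256).digest())


def verify(path, key):
    """True only if the tag was made with key AND the file matches the digest."""
    stored = get_attr(path)
    if stored is None or len(stored) != 64:
        return False
    digest, tag = stored[:32], stored[32:]
    expected = hmac.new(key, digest, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected) and hmac.compare_digest(digest, file_digest(path))


def demo():
    """Constructed scenario: a keyless process alters the file and rewrites the
    attribute with a fresh digest; the check fails because the tag is forged."""
    root_key = b"constructed-root-only-key"
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(b"#!/bin/sh\necho hello\n")
        path = f.name
    seal(path, root_key)
    ok_before = verify(path, root_key)
    with open(path, "ab") as f:
        f.write(b"echo tampered\n")
    new_digest = file_digest(path)   # recomputable without the key...
    set_attr(path, new_digest + hmac.new(b"guess", new_digest, hashlib.sha256).digest())
    ok_after = verify(path, root_key)   # ...but the tag cannot be
    os.unlink(path)
    return ok_before, ok_after
```

A digest without the tag would pass the second check, which is the gap the signed variant closes.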