Date:      Fri, 15 May 2020 00:10:35 -0500
From:      Kyle Evans <kevans@freebsd.org>
To:        Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc:        Alan Somers <asomers@freebsd.org>, "Julian H. Stacey" <jhs@berklix.com>,  "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>,  "freebsd-hackers@freebsd.org" <hackers@freebsd.org>
Subject:   Re: [HEADSUP] Disallowing read() of a directory fd
Message-ID:  <CACNAnaFDHMkConkBLY-2BMAudueDA8-HTJ5_FNpt4WrB=gg_HA@mail.gmail.com>
In-Reply-To: <33549.1589488226@critter.freebsd.dk>
References:  <CACNAnaFszg%2BQWPRS0kghsnQMxXc%2B5niPTTNiUPSmK60YyBGCzA@mail.gmail.com> <202005142017.04EKH0aA093503@fire.js.berklix.net> <CAOtMX2i2Z-KX=3rYR2nZ1g1Lb_tF==H3xPKcQMBxJs1Kqr-meQ@mail.gmail.com> <33549.1589488226@critter.freebsd.dk>

On Thu, May 14, 2020 at 3:30 PM Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
>
> --------
> In message <CAOtMX2i2Z-KX=3rYR2nZ1g1Lb_tF==H3xPKcQMBxJs1Kqr-meQ@mail.gmail.com>
> , Alan Somers writes:
>
> >Really?  When is that occasionally useful?  I've never seen anything useful
> >come out of reading a directory.
>
> Two things I have done over the years:
>
> Figure out which filenames prevent an enormous but sparse directory
> from being compacted.
>
> Figure out which control characters were in a filename.
>

Can we explore the possibility of using fsdb(8) to fulfill these needs
in a way that you'd be comfortable with? I am thoroughly motivated and
willing to do what I can to find a good path forward. We could add a
sysctl and remove the functionality from other filesystems that aren't
necessarily providing useful information and likely haven't been
audited for similar disclosures to
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:10.ufs.asc
that may be exacerbated by read(2) on a dirfd, but I'd like to see if
there's any compromise that we can make where the compromise on my
side is that I have to put in the effort to otherwise enable presented
valid use-cases in an agreeable manner.

Is there anything that I, as a developer that knows very little about
UFS and even less when compared to someone such as yourself, can do to
facilitate making this as easy as possible with the tooling otherwise
available?

Looking at fsdb(8) briefly on this UFS partition I just spun up, it
seems like somewhat low-hanging fruit that we could (in some/many
cases) infer a disk device from a standard directory/file path and
prompt for confirmation based on that, opening up to the proper inode,
even, as an example (wording would differ, and apologies for the
formatting):

root@shiva:/mnt# stat etc
682 12928 drwxr-xr-x 2 root wheel 26456 512 "May 14 23:58:27 2020"
"May 14 23:58:27 2020" "May 14 23:58:27 2020" "May 14 23:58:27 2020"
32768 8 0 etc

root@shiva:/mnt# fsdb etc
etc is not a disk device, but is mounted from /dev/md1. Use /dev/md1? [yn] y
** /dev/md1 (NO WRITE)
Editing file system `/dev/md1'
Last Mounted on /mnt
current inode: directory
I=12928 MODE=40755 SIZE=512
BTIME=May 14 23:58:27 2020 [611088000 nsec]
MTIME=May 14 23:58:27 2020 [614391000 nsec]
CTIME=May 14 23:58:27 2020 [614391000 nsec]
ATIME=May 14 23:58:27 2020 [614391000 nsec]
OWNER=root GRP=wheel LINKCNT=2 FLAGS=0 BLKCNT=8 GEN=a15cce24

fsdb (inum: 12928)> ls
slot 0 off 0 ino 12928 reclen 12: directory, `.'
slot 1 off 12 ino 2 reclen 500: directory, `..'

fsdb (inum: 12928)>

Thanks,

Kyle Evans
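
One of the use cases quoted in this message, finding which control characters are in a filename, can also be served through readdir(3) rather than read(2) on the directory fd. The following is an added example, not part of the original e-mail or of FreeBSD's code; `escape_name` and `list_suspicious` are hypothetical helper names.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Copy name into out with non-printable bytes (and backslash) as \xNN. */
size_t escape_name(const char *name, char *out, size_t outsz)
{
    size_t n = 0, escaped = 0;
    if (outsz == 0)
        return 0;
    for (const unsigned char *p = (const unsigned char *)name; *p; p++) {
        int plain = (*p >= 0x20 && *p < 0x7f && *p != '\\');
        if (n + (plain ? 1 : 4) + 1 > outsz)
            break;                      /* truncate rather than overflow */
        if (plain) {
            out[n++] = (char)*p;
        } else {
            n += (size_t)snprintf(out + n, outsz - n, "\\x%02x", *p);
            escaped++;                  /* returns how many were escaped */
        }
    }
    out[n] = '\0';
    return escaped;
}

/* Print entries whose names needed escaping; return their count or -1. */
int list_suspicious(const char *dirpath)
{
    char buf[4 * 255 + 1];              /* worst case for a 255-byte name */
    struct dirent *de;
    int hits = 0;
    DIR *d = opendir(dirpath);
    if (d == NULL)
        return -1;
    while ((de = readdir(d)) != NULL)
        if (escape_name(de->d_name, buf, sizeof buf) > 0) {
            printf("ino %ju  %s\n", (uintmax_t)de->d_ino, buf);
            hits++;
        }
    closedir(d);
    return hits;
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : ".";
    return list_suspicious(dir) < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
```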


