Date: Fri, 15 May 2020 14:08:32 -0700
From: Cy Schubert <Cy.Schubert@cschubert.com>
To: Kyle Evans <kevans@freebsd.org>
Cc: Poul-Henning Kamp <phk@phk.freebsd.dk>, Alan Somers <asomers@freebsd.org>, "Julian H. Stacey" <jhs@berklix.com>, "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>, "freebsd-hackers@freebsd.org" <hackers@freebsd.org>
Subject: Re: [HEADSUP] Disallowing read() of a directory fd
Message-ID: <202005152108.04FL8WeJ007130@slippy.cwsent.com>
In-Reply-To: <CACNAnaFDHMkConkBLY-2BMAudueDA8-HTJ5_FNpt4WrB=gg_HA@mail.gmail.com>
References: <CACNAnaFszg%2BQWPRS0kghsnQMxXc%2B5niPTTNiUPSmK60YyBGCzA@mail.gmail.com>
 <202005142017.04EKH0aA093503@fire.js.berklix.net>
 <CAOtMX2i2Z-KX=3rYR2nZ1g1Lb_tF==H3xPKcQMBxJs1Kqr-meQ@mail.gmail.com>
 <33549.1589488226@critter.freebsd.dk>
 <CACNAnaFDHMkConkBLY-2BMAudueDA8-HTJ5_FNpt4WrB=gg_HA@mail.gmail.com>

In message <CACNAnaFDHMkConkBLY-2BMAudueDA8-HTJ5_FNpt4WrB=gg_HA@mail.gmail.com>, Kyle Evans writes:
> On Thu, May 14, 2020 at 3:30 PM Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> >
> > --------
> > In message <CAOtMX2i2Z-KX=3rYR2nZ1g1Lb_tF==H3xPKcQMBxJs1Kqr-meQ@mail.gmail.com>, Alan Somers writes:
> >
> > >Really? When is that occasionally useful? I've never seen anything useful
> > >come out of reading a directory.
> >
> > Two things I have done over the years:
> >
> > Figure out which filenames prevent an enormous but sparse directory
> > from being compacted.
> >
> > Figure out which control characters were in a filename.
> >
>
> Can we explore the possibility of using fsdb(8) to fulfill these needs
> in a way that you'd be comfortable with? I am thoroughly motivated and
> willing to do what I can to find a good path forward. We could add a

I'd like to see a good business case before a developer spends their
valuable time to fulfill some function few if any people might use.
Those objecting to this should demonstrate how they currently use
read()ing directories. Otherwise IMO it's a waste of your time.

> sysctl and remove the functionality from other filesystems that aren't
> necessarily providing useful information and likely haven't been
> audited for similar disclosures to
> https://www.freebsd.org/security/advisories/FreeBSD-SA-19:10.ufs.asc
> that may be exacerbated by read(2) on a dirfd, but I'd like to see if
> there's any compromise that we can make where the compromise on my
> side is that I have to put in the effort to otherwise enable presented
> valid use-cases in an agreeable manner.
>
> Is there anything that I, as a developer that knows very little about
> UFS and even less when compared to someone such as yourself, can do to
> facilitate making this as easy as possible with the tooling otherwise
> available?

Again, I fail to see the reason why. What purpose would read()ing a
directory serve?

>
> Looking at fsdb(8) briefly on this UFS partition I just spun up, it
> seems as a somewhat low-hanging fruit that we could (in some/many
> cases) infer a disk device from a standard directory/file path and
> prompt for confirmation based on that, opening up to the proper inode,
> even, as an example (wording would differ, and apologies for the
> formatting):
>
> root@shiva:/mnt# stat etc
> 682 12928 drwxr-xr-x 2 root wheel 26456 512 "May 14 23:58:27 2020"
> "May 14 23:58:27 2020" "May 14 23:58:27 2020" "May 14 23:58:27 2020"
> 32768 8 0 etc
>
> root@shiva:/mnt# fsdb etc
> etc is not a disk device, but is mounted from /dev/md1. Use /dev/md1? [yn] y
> ** /dev/md1 (NO WRITE)
> Editing file system `/dev/md1'
> Last Mounted on /mnt
> current inode: directory
> I=12928 MODE=40755 SIZE=512
> BTIME=May 14 23:58:27 2020 [611088000 nsec]
> MTIME=May 14 23:58:27 2020 [614391000 nsec]
> CTIME=May 14 23:58:27 2020 [614391000 nsec]
> ATIME=May 14 23:58:27 2020 [614391000 nsec]
> OWNER=root GRP=wheel LINKCNT=2 FLAGS=0 BLKCNT=8 GEN=a15cce24
>
> fsdb (inum: 12928)> ls
> slot 0 off 0 ino 12928 reclen 12: directory, `.'
> slot 1 off 12 ino 2 reclen 500: directory, `..'
>
> fsdb (inum: 12928)>

A print in hex command possibly. Would make more sense than reading a
directory in the raw.

-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX: <cy@FreeBSD.org> Web: https://FreeBSD.org
NTP: <cy@nwtime.org> Web: https://nwtime.org

The need of the many outweighs the greed of the few.
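
An added example, not part of the original message or of any FreeBSD code: the "which control characters were in a filename" use case from the thread, done through readdir(3) instead of read(2) on the directory fd. The function names and the `\xNN` output format are assumptions of this example; `read_dir_errno` only reports what the running kernel does with read(2) on a directory.

```c
#define _XOPEN_SOURCE 700   /* opendir/readdir, O_DIRECTORY, d_ino */
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* errno from read(2) on a directory fd; 0 if the kernel allowed the read. */
int read_dir_errno(const char *path) {
    char buf[512];
    int fd = open(path, O_RDONLY | O_DIRECTORY);
    if (fd < 0) return errno;
    int e = read(fd, buf, sizeof(buf)) < 0 ? errno : 0;
    close(fd);                      /* may change errno, so it was saved first */
    return e;
}

/* Copy name to out with control bytes and backslash written as \xNN.
 * Returns the number of control bytes, or -1 if out cannot hold the worst case. */
int escape_name(const char *name, char *out, size_t outsz) {
    int o = 0, ctl = 0;
    if (outsz < 4 * strlen(name) + 1) return -1;
    for (const unsigned char *p = (const unsigned char *)name; *p; p++) {
        int c = *p < 0x20 || *p == 0x7f;
        if (c || *p == '\\') o += snprintf(out + o, outsz - (size_t)o, "\\x%02x", (unsigned)*p);
        else out[o++] = (char)*p;
        ctl += c;
    }
    out[o] = '\0';
    return ctl;
}

/* Print entries whose names hold control bytes; return the count, -1 on error. */
int scan_dir(const char *path) {
    char esc[4 * 256 + 1];          /* worst case: every byte of d_name escaped */
    int hits = 0;
    DIR *d = opendir(path);
    if (d == NULL) return -1;
    for (struct dirent *de; (de = readdir(d)) != NULL; )
        if (escape_name(de->d_name, esc, sizeof(esc)) > 0)
            printf("%d. ino %llu: %s\n", ++hits, (unsigned long long)de->d_ino, esc);
    closedir(d);
    return hits;
}

int main(int argc, char **argv) {
    const char *dir = argc > 1 ? argv[1] : ".";   /* directory to scan */
    printf("read(2) on %s: %s\n", dir, strerror(read_dir_errno(dir)));
    return scan_dir(dir) < 0;
}
```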