Date: Fri, 15 May 2020 17:04:02 +0200
From: "Julian H. Stacey" <jhs@berklix.com>
To: "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>, "freebsd-hackers@freebsd.org" <hackers@freebsd.org>
Cc: Kyle Evans <kevans@freebsd.org>, Poul-Henning Kamp <phk@phk.freebsd.dk>, Alan Somers <asomers@freebsd.org>, Arne Steinkamm <freebsd-arch@Steinkamm.COM>
Subject: Re: [HEADSUP] Disallowing read() of a directory fd
Message-ID: <202005151504.04FF423p040952@fire.js.berklix.net>
In-Reply-To: Your message "Fri, 15 May 2020 08:14:38 -0500." <CACNAnaFp2d1E+5Vz9qdf_hXqtpHTnx_gkNQvVLcfjwNCs4Jjzg@mail.gmail.com>
Kyle Evans wrote:
> On Fri, May 15, 2020 at 2:51 AM Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> >
> > --------
> > In message <CACNAnaFDHMkConkBLY-2BMAudueDA8-HTJ5_FNpt4WrB=gg_HA@mail.gmail.com>
> > , Kyle Evans writes:
> > >On Thu, May 14, 2020 at 3:30 PM Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> > >
> > >Can we explore the possibility of using fsdb(8) to fulfill these needs
> > >in a way that you'd be comfortable with?
> >
> > Summary: I'm perfectly fine with read(2) returning error on a
> > directory *under normal circumstances*, and I think it makes good
> > sense by protecting a lot of terminals from a lot of binary
> > garbage.
> >
> > But there is absolutely no reason to make it *impossible* for
> > a competent root to do what competent roots do.
> >
>
> First, apologies if my previous message had offended you -- I didn't
> mean for this, but as you can tell I was not well-equipped to discuss
> the possibilities with a seasoned veteran such as yourself.
>
> I've prepared a patch locally to update the review that both hides it
> off behind security.bsd.allow_read_dir (default off) and restricts it
> to a new PRIV_VFS_READ_DIR that *is not* granted to jailed root. I

No. Root is Root regardless of whether it is in a jail or not. A root admin of a server in a jail needs full power without waiting days to contact the other root human who owns the prison, without wasting human time of jail owner & prison owner formulating an email request & considering & enabling the requirement.

kevans@ wasted FreeBSD time with a threat of change at 2 days' notice, for an issue unchanged since 1972. The rush was immature. kevans@ should retract his threat of forced urgent change, or expect core@ to be asked to remove his commit bit while FreeBSD considers _un-rushed_, allowing sufficient time for all to consider options, & to warn users in RELNOTES of any potential future change.

> know we've already discussed this to some extent, but can you confirm
> that these restrictions are reasonable and acceptable for you? I've
> tentatively placed it in the security.bsd.* namespace because it can
> and has had security implications, but I'm certainly not dead-set on
> it staying there.
>
> Thanks,
>
> Kyle Evans
>

Cheers --
Julian Stacey, Consultant Systems Engineer, BSD Linux http://berklix.com/jhs/
http://www.berklix.org/corona/#masks Tie 2 handkerchiefs or 1 pillow case.
Jobs & economy hit by Corona to be hit again by Crash Brexit 31st Dec. 2020