Date:      Fri, 15 May 2020 09:00:56 -0700
From:      John Baldwin <jhb@FreeBSD.org>
To:        "Julian H. Stacey" <jhs@berklix.com>, "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>, "freebsd-hackers@freebsd.org" <hackers@freebsd.org>
Cc:        Kyle Evans <kevans@freebsd.org>, Poul-Henning Kamp <phk@phk.freebsd.dk>, Alan Somers <asomers@freebsd.org>, Arne Steinkamm <freebsd-arch@Steinkamm.COM>
Subject:   Re: [HEADSUP] Disallowing read() of a directory fd
Message-ID:  <a0ce061d-683f-a6fc-a05d-51e5bc3d74dd@FreeBSD.org>
In-Reply-To: <202005151504.04FF423p040952@fire.js.berklix.net>
References:  <202005151504.04FF423p040952@fire.js.berklix.net>

On 5/15/20 8:04 AM, Julian H. Stacey wrote:
> Kyle Evans wrote:
>> On Fri, May 15, 2020 at 2:51 AM Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
>>>
>>> --------
>>> In message <CACNAnaFDHMkConkBLY-2BMAudueDA8-HTJ5_FNpt4WrB=gg_HA@mail.gmail.com>
>>> , Kyle Evans writes:
>>>> On Thu, May 14, 2020 at 3:30 PM Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
>>>
>>>> Can we explore the possibility of using fsdb(8) to fulfill these needs
>>>> in a way that you'd be comfortable with?
>>>>
>>> Summary:  I'm perfectly fine with read(2) returning error on a
>>> directory *under normal circumstances*, and I think it makes good
>>> sense by protecting a lot of terminals from a lot of binary
>>> garbage.
>>>
>>> But there is absolutely no reason to make it *impossible* for
>>> a competent root to do what competent roots do.
>>>
>>
>> First, apologies if my previous message had offended you -- I didn't
>> mean for this, but as you can tell I was not well-equipped to discuss
>> the possibilities with a seasoned veteran such as yourself.
>>
>> I've prepared a patch locally to update the review that both hides it
>> off behind security.bsd.allow_read_dir (default off) and restricts it
>> to a new PRIV_VFS_READ_DIR that *is not* granted to jailed root. I
> 
> No. Root is Root regardless if in a jail or not.

Nope.  Even a cursory read of prison_priv_check in kern_jail.c makes
this abundantly clear.

> kevans@ should retract his threat of forced urgent change, or expect
> core@ be asked to remove his commit bit while FreeBSD considers
> _un-rushed_,  allowing sufficient time for all to consider options,
> & to warn users in RELNOTES of any potential future change.

You are free to ask core@ whatever you want, but you don't have the
authority or credibility to claim that core@ will follow your wishes.

I've watched many threads involving you over the past several years,
and the pattern of behavior I've observed is that you are inflexible
and usually just flame anyone who disagrees with your view or opinion.
That may have been normal practice 20 years ago on the mailing lists
when I first joined the project, but it isn't the normal practice now.
The effect right now is that most other developers who mention you at
all only do so to note that they ignore you due to your behavior.  If
you wish to have a voice that others will listen to in the future, you
need to change your behavior.

-- 
John Baldwin


