From owner-freebsd-hackers@freebsd.org Fri May 15 16:00:59 2020 Return-Path: Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9A5662F912D for ; Fri, 15 May 2020 16:00:59 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 49NtRv3C6Cz42hZ for ; Fri, 15 May 2020 16:00:59 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: by mailman.nyi.freebsd.org (Postfix) id 6BDBF2F912B; Fri, 15 May 2020 16:00:59 +0000 (UTC) Delivered-To: hackers@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 6B8222F912A; Fri, 15 May 2020 16:00:59 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49NtRv0WvHz42hY; Fri, 15 May 2020 16:00:59 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from John-Baldwins-MacBook-Pro-164.local (unknown [IPv6:2601:648:8203:2990:74f6:48c0:2e0b:8148]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) (Authenticated sender: jhb) by smtp.freebsd.org (Postfix) with ESMTPSA id 584441C0E4; Fri, 15 May 2020 16:00:58 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Subject: Re: [HEADSUP] Disallowing read() of a directory fd To: "Julian H. Stacey" , "freebsd-arch@freebsd.org" , "freebsd-hackers@freebsd.org" Cc: Kyle Evans , Poul-Henning Kamp , Alan Somers , Arne Steinkamm References: <202005151504.04FF423p040952@fire.js.berklix.net> From: John Baldwin Autocrypt: addr=jhb@FreeBSD.org; keydata= mQGiBETQ+XcRBADMFybiq69u+fJRy/0wzqTNS8jFfWaBTs5/OfcV7wWezVmf9sgwn8TW0Dk0 c9MBl0pz+H01dA2ZSGZ5fXlmFIsee1WEzqeJzpiwd/pejPgSzXB9ijbLHZ2/E0jhGBcVy5Yo /Tw5+U/+laeYKu2xb0XPvM0zMNls1ah5OnP9a6Ql6wCgupaoMySb7DXm2LHD1Z9jTsHcAQMD /1jzh2BoHriy/Q2s4KzzjVp/mQO5DSm2z14BvbQRcXU48oAosHA1u3Wrov6LfPY+0U1tG47X 1BGfnQH+rNAaH0livoSBQ0IPI/8WfIW7ub4qV6HYwWKVqkDkqwcpmGNDbz3gfaDht6nsie5Z pcuCcul4M9CW7Md6zzyvktjnbz61BADGDCopfZC4of0Z3Ka0u8Wik6UJOuqShBt1WcFS8ya1 oB4rc4tXfSHyMF63aPUBMxHR5DXeH+EO2edoSwViDMqWk1jTnYza51rbGY+pebLQOVOxAY7k do5Ordl3wklBPMVEPWoZ61SdbcjhHVwaC5zfiskcxj5wwXd2E9qYlBqRg7QeSm9obiBCYWxk d2luIDxqaGJARnJlZUJTRC5vcmc+iGAEExECACAFAkTQ+awCGwMGCwkIBwMCBBUCCAMEFgID AQIeAQIXgAAKCRBy3lIGd+N/BI6RAJ9S97fvbME+3hxzE3JUyUZ6vTewDACdE1stFuSfqMvM jomvZdYxIYyTUpC5Ag0ERND5ghAIAPwsO0B7BL+bz8sLlLoQktGxXwXQfS5cInvL17Dsgnr3 1AKa94j9EnXQyPEj7u0d+LmEe6CGEGDh1OcGFTMVrof2ZzkSy4+FkZwMKJpTiqeaShMh+Goj XlwIMDxyADYvBIg3eN5YdFKaPQpfgSqhT+7El7w+wSZZD8pPQuLAnie5iz9C8iKy4/cMSOrH YUK/tO+Nhw8Jjlw94Ik0T80iEhI2t+XBVjwdfjbq3HrJ0ehqdBwukyeJRYKmbn298KOFQVHO EVbHA4rF/37jzaMadK43FgJ0SAhPPF5l4l89z5oPu0b/+5e2inA3b8J3iGZxywjM+Csq1tqz hltEc7Q+E08AAwUIAL+15XH8bPbjNJdVyg2CMl10JNW2wWg2Q6qdljeaRqeR6zFus7EZTwtX sNzs5bP8y51PSUDJbeiy2RNCNKWFMndM22TZnk3GNG45nQd4OwYK0RZVrikalmJY5Q6m7Z16 4yrZgIXFdKj2t8F+x613/SJW1lIr9/bDp4U9tw0V1g3l2dFtD3p3ZrQ3hpoDtoK70ioIAjjH aIXIAcm3FGZFXy503DOA0KaTWwvOVdYCFLm3zWuSOmrX/GsEc7ovasOWwjPn878qVjbUKWwx Q4QkF4OhUV9zPtf9tDSAZ3x7QSwoKbCoRCZ/xbyTUPyQ1VvNy/mYrBcYlzHodsaqUDjHuW+I SQQYEQIACQUCRND5ggIbDAAKCRBy3lIGd+N/BCO8AJ9j1dWVQWxw/YdTbEyrRKOY8YZNwwCf afMAg8QvmOWnHx3wl8WslCaXaE8= Message-ID: Date: Fri, 15 May 2020 09:00:56 -0700 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: <202005151504.04FF423p040952@fire.js.berklix.net> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 May 2020 16:00:59 -0000 On 5/15/20 8:04 AM, Julian H. Stacey wrote: > Kyle Evans wrote: >> On Fri, May 15, 2020 at 2:51 AM Poul-Henning Kamp wrote: >>> >>> -------- >>> In message >>> , Kyle Evans writes: >>>> On Thu, May 14, 2020 at 3:30 PM Poul-Henning Kamp wrote: >>> >>>> Can we explore the possibility of using fsdb(8) to fulfill these needs >>>> in a way that you'd be comfortable with? >>>> >>> Summary: I'm perfectly fine with read(2) returning error on a >>> directory *under normal circumstances*, and I think it makes good >>> sense by protecting a lot of terminals from a lot of binary >>> garbage. >>> >>> But there is absolutely no reason to make it *impossible* for >>> a competent root to do what competent roots do. >>> >> >> First, apologies if my previous message had offended you -- I didn't >> mean for this, but as you can tell I was not well-equipped to discuss >> the possibilities with a seasoned veteran such as yourself. >> >> I've prepared a patch locally to update the review that both hides it >> off behind security.bsd.allow_read_dir (default off) and restricts it >> to a new PRIV_VFS_READ_DIR that *is not* granted to jailed root. I > > No. Root is Root regardless if in a jail or not. Nope. Even a cursory read of prison_priv_check in kern_jail.c makes this abundantly clear. > kevans@ should retract his threat of forced urgent change, or expect > core@ be asked to remove his commit bit while FreeBSD considers > _un-rushed_, allowing sufficient time for all to consider options, > & to warn users in RELNOTES of any potential future change. You are free to ask core@ whatever you want, but you don't have the authority or credibility to claim that core@ will follow your wishes. I've watched many threads involving you over the past several years, and the pattern of behavior I've observed is that you are inflexible and usually just flame anyone who disagrees with your view or opinion. That may have been normal practice 20 years ago on the mailing lists when I first joined the project, but it isn't the normal practice now. The effect right now is that most other developers who mention you at all only do so to note that they ignore you due to your behavior. If you wish to have a voice that others will listen to in the future, you need to change your behavior. -- John Baldwin