From owner-freebsd-hackers@freebsd.org Fri May 15 21:08:42 2020 Return-Path: Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9E6D72D9A39 for ; Fri, 15 May 2020 21:08:42 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 49P1Gy0xFfz4Scx for ; Fri, 15 May 2020 21:08:42 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: by mailman.nyi.freebsd.org (Postfix) id 201392D9A35; Fri, 15 May 2020 21:08:42 +0000 (UTC) Delivered-To: hackers@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1FC8B2D9A34; Fri, 15 May 2020 21:08:42 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from smtp-out-so.shaw.ca (smtp-out-so.shaw.ca [64.59.136.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 49P1Gw5Y3zz4Sct; Fri, 15 May 2020 21:08:40 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from spqr.komquats.com ([70.67.125.17]) by shaw.ca with ESMTPA id ZhZKjwTUmYYpxZhZLjBeTm; Fri, 15 May 2020 15:08:38 -0600 X-Authority-Analysis: v=2.3 cv=OubUNx3t c=1 sm=1 tr=0 a=VFtTW3WuZNDh6VkGe7fA3g==:117 a=VFtTW3WuZNDh6VkGe7fA3g==:17 a=xqWC_Br6kY4A:10 a=kj9zAlcOel0A:10 a=sTwFKg_x9MkA:10 a=6I5d2MoRAAAA:8 a=YxBL1-UpAAAA:8 a=EkcXrb_YAAAA:8 a=eYNpW-z5zCPCEBFOaAsA:9 a=CjuIK1q_8ugA:10 a=IjZwj45LgO3ly-622nXo:22 a=Ia-lj3WSrqcvXOmTRaiG:22 a=LK5xJRSDVpKd5WXXoEvA:22 Received: from slippy.cwsent.com (slippy [IPv6:fc00:1:1:1::5b]) by spqr.komquats.com (Postfix) with ESMTPS id B5CD059F; Fri, 15 May 2020 14:08:33 -0700 (PDT) Received: from slippy.cwsent.com (localhost [127.0.0.1]) by slippy.cwsent.com (8.15.2/8.15.2) with ESMTP id 04FL8XgW007133; Fri, 15 May 2020 14:08:33 -0700 (PDT) (envelope-from Cy.Schubert@cschubert.com) Received: from slippy (cy@localhost) by slippy.cwsent.com (8.15.2/8.15.2/Submit) with ESMTP id 04FL8WeJ007130; Fri, 15 May 2020 14:08:32 -0700 (PDT) (envelope-from Cy.Schubert@cschubert.com) Message-Id: <202005152108.04FL8WeJ007130@slippy.cwsent.com> X-Authentication-Warning: slippy.cwsent.com: cy owned process doing -bs X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.7.1 Reply-to: Cy Schubert From: Cy Schubert X-os: FreeBSD X-Sender: cy@cwsent.com X-URL: http://www.cschubert.com/ To: Kyle Evans cc: Poul-Henning Kamp , Alan Somers , "Julian H. Stacey" , "freebsd-arch@freebsd.org" , "freebsd-hackers@freebsd.org" Subject: Re: [HEADSUP] Disallowing read() of a directory fd In-reply-to: References: <202005142017.04EKH0aA093503@fire.js.berklix.net> <33549.1589488226@critter.freebsd.dk> Comments: In-reply-to Kyle Evans message dated "Fri, 15 May 2020 00:10:35 -0500." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 15 May 2020 14:08:32 -0700 X-CMAE-Envelope: MS4wfMifuAH4ZttWaMWykk8z+rExp2qTh0SdQv6mZtQHLZXc03pAlJ8GbWIcYAIPeA5Kax9JvLIOoGsQKY0WBq1EMPtQtC3f8Pr+5HqVs/UNVB9yjAF6++Va GWcVHJ/GHFTjynhkRgI1H3Q5ZLg4VQWm/IC1uo5/y2VcTIFoCbffpqi7v+d7gM4oR+yf+fKUhmiyYdZ0w1CZ+a0XM3ErVFQ7VJ3v8me8QU9ryqkAYDj7omgW dpkJDt/41E+l9JeHn3yHcSWJxzSuHqdEyyUkdd4dAF4aEUuOH3YUEWhd/0K+NjMQU2IZN0qNoaLLKsa0DmKp9KaZCqKhfvArjmk4kEqzsOI= X-Rspamd-Queue-Id: 49P1Gw5Y3zz4Sct X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=none; spf=none (mx1.freebsd.org: domain of cy.schubert@cschubert.com has no SPF policy when checking 64.59.136.137) smtp.mailfrom=cy.schubert@cschubert.com X-Spamd-Result: default: False [-4.18 / 15.00]; ARC_NA(0.00)[]; TO_DN_EQ_ADDR_SOME(0.00)[]; RCVD_COUNT_FIVE(0.00)[5]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; MV_CASE(0.50)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; HAS_XAW(0.00)[]; HAS_REPLYTO(0.00)[Cy.Schubert@cschubert.com]; RCPT_COUNT_FIVE(0.00)[6]; REPLYTO_EQ_FROM(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[17.125.67.70.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.11]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:6327, ipnet:64.59.128.0/20, country:CA]; RCVD_TLS_LAST(0.00)[]; IP_SCORE(-2.48)[ip: (-6.44), ipnet: 64.59.128.0/20(-3.30), asn: 6327(-2.58), country: CA(-0.09)]; RCVD_IN_DNSWL_LOW(-0.10)[137.136.59.64.list.dnswl.org : 127.0.5.1] X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 May 2020 21:08:42 -0000 In message , Kyle Evans writes: > On Thu, May 14, 2020 at 3:30 PM Poul-Henning Kamp wrote: > > > > -------- > > In message com> > > , Alan Somers writes: > > > > >Really? When is that occasionally useful? I've never seen anything usefu > l > > >come out of reading a directory. > > > > Two things I have done over the years: > > > > Figure out which filenames prevent a enormous but sparse directory > > from being compacted. > > > > Figure out which control characters were in a filename. > > > > Can we explore the possibility of using fsdb(8) to fulfill these needs > in a way that you'd be comfortable with? I am thoroughly motivated and > willing to do what I can to find a good path forward. We could add a I'd like to see a good business case before a developer spends their valuable time to fulfill a some function few if any people might use. Those objecting to this should demonstrate how they currently use read()ing directories. Otherwise IMO it's a waste of your time. > sysctl and remove the functionality from other filesystems that aren't > necessarily providing useful information and likely haven't been > audited for similar disclosures to > https://www.freebsd.org/security/advisories/FreeBSD-SA-19:10.ufs.asc > that may be exacerbated by read(2) on a dirfd, but I'd like to see if > there's any compromise that we can make where the compromise on my > side is that I have to put in the effort to otherwise enable presented > valid use-cases in an agreeable manner. > > Is there anything that I, as a developer that knows very little about > UFS and even less when compared to someone such as yourself, can do to > facilitate making this as easy as possible with the tooling otherwise > available? Again, I fail to see the reason why. What purpose would read()ing a directory serve? > > Looking at fsdb(8) briefly on this UFS partition I just spun up, it > seems as a somewhat low-hanging fruit that we could (in some/many > cases) infer a disk device from a standard directory/file path and > prompt for confirmation based on that, opening up to the proper inode, > even, as an example (wording would differ, and apologies for the > formatting): > > root@shiva:/mnt# stat etc > 682 12928 drwxr-xr-x 2 root wheel 26456 512 "May 14 23:58:27 2020" > "May 14 23:58:27 2020" "May 14 23:58:27 2020" "May 14 23:58:27 2020" > 32768 8 0 etc > > root@shiva:/mnt# fsdb etc > etc is not a disk device, but is mounted from /dev/md1. Use /dev/md1? [yn] y > ** /dev/md1 (NO WRITE) > Editing file system `/dev/md1' > Last Mounted on /mnt > current inode: directory > I=12928 MODE=40755 SIZE=512 > BTIME=May 14 23:58:27 2020 [611088000 nsec] > MTIME=May 14 23:58:27 2020 [614391000 nsec] > CTIME=May 14 23:58:27 2020 [614391000 nsec] > ATIME=May 14 23:58:27 2020 [614391000 nsec] > OWNER=root GRP=wheel LINKCNT=2 FLAGS=0 BLKCNT=8 GEN=a15cce24 > > fsdb (inum: 12928)> ls > slot 0 off 0 ino 12928 reclen 12: directory, `.' > slot 1 off 12 ino 2 reclen 500: directory, `..' > > fsdb (inum: 12928)> A print in hex command possibly. Would make more sense than reading a directory in the raw. -- Cheers, Cy Schubert FreeBSD UNIX: Web: https://FreeBSD.org NTP: Web: https://nwtime.org The need of the many outweighs the greed of the few.