Date: Thu, 04 Jun 2020 18:17:46 +0000 From: bugzilla-noreply@freebsd.org To: standards@FreeBSD.org Subject: [Bug 246412] Return EISDIR when reading a directory Message-ID: <bug-246412-99-tfIzpZchlL@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-246412-99@https.bugs.freebsd.org/bugzilla/> References: <bug-246412-99@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D246412 --- Comment #4 from commit-hook@freebsd.org --- A commit references this bug: Author: kevans Date: Thu Jun 4 18:17:27 UTC 2020 New revision: 361799 URL: https://svnweb.freebsd.org/changeset/base/361799 Log: vfs: add restrictions to read(2) of a directory [2/2] This commit adds the priv(9) that waters down the sysctl to make it only allow read(2) of a dirfd by the system root. Jailed root is not allowed, = but jail policy and superuser policy will abstain from allowing/denying it so that a MAC module can fully control the policy. Such a MAC module has been written, and can be found at: https://people.freebsd.org/~kevans/mac_read_dir-0.1.0.tar.gz It is expected that the MAC module won't be needed by many, as most only need to do such diagnostics that require this behavior as system root anyways. Interested parties are welcome to grab the MAC module above and create a port or locally integrate it, and with enough support it could s= ee introduction to base. As noted in mac_read_dir.c, it is released under the BSD 2 clause license and allows the restrictions to be lifted for only jailed root or for all unprivileged users. PR: 246412 Reviewed by: mckusick, kib, emaste, jilles, cy, phk, imp (all previous) Reviewed by: rgrimes (latest version) Differential Revision: https://reviews.freebsd.org/D24596 Changes: head/lib/libc/sys/read.2 head/sys/kern/kern_jail.c head/sys/kern/kern_priv.c head/sys/kern/vfs_vnops.c head/sys/sys/priv.h --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-246412-99-tfIzpZchlL>