Date:      Thu, 04 Jun 2020 18:17:46 +0000
From:      bugzilla-noreply@freebsd.org
To:        standards@FreeBSD.org
Subject:   [Bug 246412] Return EISDIR when reading a directory
Message-ID:  <bug-246412-99-tfIzpZchlL@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-246412-99@https.bugs.freebsd.org/bugzilla/>
References:  <bug-246412-99@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246412

--- Comment #4 from commit-hook@freebsd.org ---
A commit references this bug:

Author: kevans
Date: Thu Jun  4 18:17:27 UTC 2020
New revision: 361799
URL: https://svnweb.freebsd.org/changeset/base/361799

Log:
  vfs: add restrictions to read(2) of a directory [2/2]

  This commit adds the priv(9) that waters down the sysctl to make it only
  allow read(2) of a dirfd by the system root. Jailed root is not allowed, but
  jail policy and superuser policy will abstain from allowing/denying it so
  that a MAC module can fully control the policy.

  Such a MAC module has been written, and can be found at:
  https://people.freebsd.org/~kevans/mac_read_dir-0.1.0.tar.gz

  It is expected that the MAC module won't be needed by many, as most only
  need to do such diagnostics that require this behavior as system root
  anyways. Interested parties are welcome to grab the MAC module above and
  create a port or locally integrate it, and with enough support it could see
  introduction to base. As noted in mac_read_dir.c, it is released under the
  BSD 2 clause license and allows the restrictions to be lifted for only
  jailed root or for all unprivileged users.

  PR:           246412
  Reviewed by:  mckusick, kib, emaste, jilles, cy, phk, imp (all previous)
  Reviewed by:  rgrimes (latest version)
  Differential Revision:        https://reviews.freebsd.org/D24596

Changes:
  head/lib/libc/sys/read.2
  head/sys/kern/kern_jail.c
  head/sys/kern/kern_priv.c
  head/sys/kern/vfs_vnops.c
  head/sys/sys/priv.h

-- 
You are receiving this mail because:
You are on the CC list for the bug.
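
A probe for the behaviour the commit log describes, added here as an example and not part of the commit or of this mail: it opens a path, confirms it is a directory, and reports whether read(2) on that descriptor is refused with EISDIR or allowed for the calling process. The function and enum names are assumptions made for this example.

```c
/* Added example (not from the FreeBSD commit): classify how read(2)
 * treats a directory descriptor for the calling process. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum probe_result {               /* hypothetical names for this example */
    PROBE_OPEN_FAILED,            /* could not open or stat the path */
    PROBE_NOT_DIR,                /* path is not a directory */
    PROBE_EISDIR,                 /* read(2) refused with EISDIR */
    PROBE_ALLOWED,                /* read(2) returned data or EOF */
    PROBE_OTHER_ERROR             /* read(2) failed with another errno */
};

enum probe_result probe_dir_read(const char *path)
{
    char buf[512];
    struct stat sb;
    enum probe_result res;
    ssize_t n;
    int fd = open(path, O_RDONLY);

    if (fd < 0)
        return PROBE_OPEN_FAILED;
    if (fstat(fd, &sb) != 0) {
        res = PROBE_OPEN_FAILED;
    } else if (!S_ISDIR(sb.st_mode)) {
        res = PROBE_NOT_DIR;      /* only directories are of interest */
    } else {
        n = read(fd, buf, sizeof(buf));
        if (n >= 0)
            res = PROBE_ALLOWED;  /* raw directory bytes are exposed */
        else
            res = (errno == EISDIR) ? PROBE_EISDIR : PROBE_OTHER_ERROR;
    }
    close(fd);
    return res;
}

int main(int argc, char **argv)
{
    static const char *names[] = { "open failed", "not a directory",
        "EISDIR", "read allowed", "other error" };
    const char *path = argc > 1 ? argv[1] : "/";
    printf("%s: %s\n", path, names[probe_dir_read(path)]);
    return 0;
}
```

Running it as system root, as jailed root and as an unprivileged user shows which of those contexts the local policy lets through.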
