From owner-freebsd-fs@freebsd.org Thu Nov 7 18:07:35 2019 Return-Path: Delivered-To: freebsd-fs@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4CC2D1BB849 for ; Thu, 7 Nov 2019 18:07:35 +0000 (UTC) (envelope-from jbe-mlist@magnetkern.de) Received: from sapphire.magnetkern.de (sapphire.magnetkern.de [185.228.139.199]) by mx1.freebsd.org (Postfix) with ESMTP id 478BFf1bpVz43W5 for ; Thu, 7 Nov 2019 18:07:33 +0000 (UTC) (envelope-from jbe-mlist@magnetkern.de) Received: from titanium (p57A35420.dip0.t-ipconnect.de [87.163.84.32]) by sapphire.magnetkern.de (Postfix) with ESMTPSA id AF07CAA7D for ; Thu, 7 Nov 2019 18:07:21 +0000 (UTC) Date: Thu, 7 Nov 2019 19:07:20 +0100 From: Jan Behrens To: freebsd-fs@freebsd.org Subject: Re: ZFS snapdir readability (Crosspost) Message-Id: <20191107190720.8ed2e1016b02c14ef5071adf@magnetkern.de> In-Reply-To: References: <20191107004635.c6d2e7d464d3d556a0d87465@magnetkern.de> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.32; amd64-portbld-freebsd12.0) Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 478BFf1bpVz43W5 X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of jbe-mlist@magnetkern.de designates 185.228.139.199 as permitted sender) smtp.mailfrom=jbe-mlist@magnetkern.de X-Spamd-Result: default: False [-0.84 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; NEURAL_HAM_MEDIUM(-0.94)[-0.937,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-fs@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.58)[-0.582,0]; DMARC_NA(0.00)[magnetkern.de]; MV_CASE(0.50)[]; IP_SCORE(0.38)[ipnet: 185.228.136.0/22(2.48), asn: 197540(-0.58), country: DE(-0.01)]; RCVD_NO_TLS_LAST(0.10)[]; RECEIVED_SPAMHAUS_PBL(0.00)[32.84.163.87.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.10]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:197540, ipnet:185.228.136.0/22, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; FROM_EQ_ENVFROM(0.00)[] X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Nov 2019 18:07:35 -0000 On Thu, 7 Nov 2019 09:54:11 -0500 mike tancsa wrote: > [...] I think I recall > ZoL adding this as a feature back when I ran into this issue via zfs > allow / unallow ? Or at least I think I saw discussion about it. > > https://github.com/zfsonlinux/zfs/issues/3963 > >     ---Mike I'm happy that apparently some other people share my worries, like "jelinekr" commented already on Oct 27, 2015 on that ticket: "We need this for security reasons in cases where a too permissive dirent entry gets fixed, the vulnerability is still present and accessible in older snapshots." The ticket is marked as closed, but this seems to be a mistake. I found out about the "snapdir" property for "zfs allow" a while ago. Using "zfs allow snapdir ", however, does *not* grant access to access the .zfs directory, and "zfs unallow snapdir " does not revoke reading privileges. Instead, "zfs allow" can be used to grant non-privileged users the right to set the snapdir property to "visible" or "hidden" as follows: root # zfs allow bob snapdir zroot/usr/home root # su bob bob % zfs set snapdir=visible zroot/usr/home bob % zfs set snapdir=hidden zroot/usr/home bob % exit root # zfs unallow bob snapdir zroot/usr/home root # su bob bob % zfs set snapdir=visible zroot/usr/home cannot set property for 'zroot': permission denied bob % cat /usr/home/.zfs/snapshot/2010-10-27/alice/.ssh/id_rsa -----BEGIN OPENSSH PRIVATE KEY----- ... I assume that there was a misunderstanding when closing the ticket referenced above, since implementing "zfs allow" does not fix the issue (unless Linux' "zfs allow" works differently than FreeBSD's). See also comment by wl2018 on Feb 1, 2018 on https://github.com/zfsonlinux/zfs/issues/3963 Regards, Jan