From nobody Sat Mar 29 20:09:33 2025 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZQ7lj2pWRz5s1TW for ; Sat, 29 Mar 2025 20:09:37 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: from mail-il1-x12d.google.com (mail-il1-x12d.google.com [IPv6:2607:f8b0:4864:20::12d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ZQ7lh1f61z3bCp for ; Sat, 29 Mar 2025 20:09:36 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=hardenedbsd.org header.s=google header.b=MKgl5iGR; dmarc=none; spf=pass (mx1.freebsd.org: domain of shawn.webb@hardenedbsd.org designates 2607:f8b0:4864:20::12d as permitted sender) smtp.mailfrom=shawn.webb@hardenedbsd.org Received: by mail-il1-x12d.google.com with SMTP id e9e14a558f8ab-3cfeff44d94so11199655ab.0 for ; Sat, 29 Mar 2025 13:09:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardenedbsd.org; s=google; t=1743278975; x=1743883775; darn=freebsd.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=h+VXl5mz0k1GbSCFY2Eto1VxqtB+1/Br3trTmhLbR0c=; b=MKgl5iGRVDOkyb/lh2iFHntepZji3fWz+T5kb59ItnCHonIG0Olj5Z3av3PWOEoBQC c5iCQNTLhNiU02+mRMjmtrlkj6DBA90Fdwr0GusZuMvIdriZwrG4onZAngS4r3NiILcW cnf2UgAbdJl9bab5ntWYIneTtjFxEZIwa1rtc5HKySai+FCsQv9a9U+VxSNvmEN2mI5e zeJheHY+QTMjdZ6ANnUU+DAS1iz61+0nDIemChaaHlmSbbpi20DVFeyXX0bE1yz29Xj9 /5ufq0a++PgwR3Qot64gg2kt/vCo4A8Lt8W8a4ZlhezCvI6qgAkukMfO8bVn6xi2yh0M o7Yg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743278975; x=1743883775; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=h+VXl5mz0k1GbSCFY2Eto1VxqtB+1/Br3trTmhLbR0c=; b=qijBWswC100RL5IWxkXPykPa7X1l2mjcjOJTheekg41PuYbO+lYTsSloZSbQbdEr82 +GptQxJxQHgEu9wYzIt+QCfvLWJmkouktkYnZMjkixdd8kSeeOlJDGREiMNtC5SBGUno 8/a/G1TV2N/X9uxx11N0VNVF1gMHbY217qJZ5Ywbo7Ot/xJ7QKUocj/B7kcmIyXNCn6Q Im+HGghVVIpAuekMDX7iXjWIaTPI/CXpLIYBbTuJ9S6leV7XadXjTGO3kPTZzKYcnwdg HIiZjMI1OwIbHRhuFl2FRuEEcGsn82MSycUO4UVU1FCZUN/2WU/WM62sEOSWlaUtMCDH jDEw== X-Forwarded-Encrypted: i=1; AJvYcCXn7G+e+S38KGdsZi1sMOfWrjdDDAyXSUiWUe09+OZWCWOWio5nhrlTllP2wdTLuKq6WcsgtOgLR/F8SZRwZMg=@freebsd.org X-Gm-Message-State: AOJu0YxneDIZdCk1ABQXnKSzinMyWqmi+uZZ7xWBKCflprDg15TijgxB 2U05l2Vsf7lGJ5r8I6c1cSHn+TOnDl7fhjnRBi7QX+n+UcQQAhJ3+SNde7vcYqg= X-Gm-Gg: ASbGncsVnfrWYo3PcHz2FlzQGAVCiGK7I73PRS9WFczkAAQD+l9i/XXr7GC2xkS6v0V rOuR+QZP7zpaJaVZFTwbL0a1q/38b2WCXgcxCN58XndfNyn3k3z1NoDMEJaR5y/Q33n1etC2MiX QDJYnnyZdoa6vrGvvLpSpdEvlub2LuU2uOX+v1GawhJa/d268PnGQvhrAnyUWUrEWExYQuLooOo jIrWGBZfGd8ce+kt7SjmPzjoBwmcII4xm7Z9eamFjUkBXO2Je9BPHPjAAM8r7yxKRqOXnMxAGkB bT0bVKgLAakmy5LSGMdLvLDNz2iiY51oYss4jg== X-Google-Smtp-Source: AGHT+IGEON+vKiEj3vq8jdSEJHWmQ00hTJ0oiDcgaGKGq69QRbMg0XshvDhnivukHzjXQTSjlxE1uw== X-Received: by 2002:a05:6e02:2482:b0:3d0:235b:4810 with SMTP id e9e14a558f8ab-3d5e08f0783mr43723765ab.2.1743278974754; Sat, 29 Mar 2025 13:09:34 -0700 (PDT) Received: from mutt-hbsd ([2001:470:4001:1::95]) by smtp.gmail.com with ESMTPSA id 8926c6da1cb9f-4f464751f00sm1032173173.58.2025.03.29.13.09.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 29 Mar 2025 13:09:34 -0700 (PDT) Date: Sat, 29 Mar 2025 20:09:33 +0000 From: Shawn Webb To: Rick Macklem Cc: Dennis Clarke , freebsd-current@freebsd.org Subject: Re: RFC: Solaris style extended attributes for FreeBSD Message-ID: X-Operating-System: FreeBSD mutt-hbsd 14.2-STABLE-HBSD FreeBSD 14.2-STABLE-HBSD HARDENEDBSD-14-STABLE amd64 X-PGP-Key: https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/blob/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc References: <410014e4-75a6-4923-8f84-3935cab41c31@blastwave.org> <3dso3cojzxnylcfmpmgwzizp4omzpmnbfgz3zt5pvgeur4wss6@kblfkmtssebw> List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@FreeBSD.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="iladfedsr74ra2c7" Content-Disposition: inline In-Reply-To: X-Spamd-Result: default: False [-5.09 / 15.00]; SIGNED_PGP(-2.00)[]; NEURAL_HAM_SHORT(-1.00)[-0.999]; NEURAL_HAM_MEDIUM(-1.00)[-0.997]; NEURAL_HAM_LONG(-1.00)[-0.996]; MID_RHS_NOT_FQDN(0.50)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; R_DKIM_ALLOW(-0.20)[hardenedbsd.org:s=google]; RCVD_TLS_LAST(0.00)[]; DKIM_TRACE(0.00)[hardenedbsd.org:+]; RCPT_COUNT_THREE(0.00)[3]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_TO(0.00)[gmail.com]; ARC_NA(0.00)[]; DMARC_NA(0.00)[hardenedbsd.org]; FROM_HAS_DN(0.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; FROM_EQ_ENVFROM(0.00)[]; MISSING_XM_UA(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-current@freebsd.org]; TAGGED_RCPT(0.00)[]; MLMMJ_DEST(0.00)[freebsd-current@freebsd.org]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::12d:from] X-Rspamd-Queue-Id: 4ZQ7lh1f61z3bCp X-Spamd-Bar: ----- --iladfedsr74ra2c7 Content-Type: text/plain; protected-headers=v1; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Subject: Re: RFC: Solaris style extended attributes for FreeBSD MIME-Version: 1.0 On Sat, Mar 29, 2025 at 01:04:08PM -0700, Rick Macklem wrote: > On Sat, Mar 29, 2025 at 12:50=E2=80=AFPM Shawn Webb wrote: > > > > On Sat, Mar 29, 2025 at 12:39:02PM -0700, Rick Macklem wrote: > > > > I had added filesystem extended attribute support to libarchive, wh= ich > > > > is what FreeBSD's tar(1) is based off of. I upstreamed that, so tha= t's > > > > taken care of. FreeBSD's tar(1) has supported extended attributes > > > > since 2020 (see libarchive PR 1409: > > > > https://github.com/libarchive/libarchive/pull/1409) > > > Ok, thanks for the info. If this stuff goes into FreeBSD, it probably= needs > > > to be tweaked to use the different syscall API so that it can handle = large > > > attributes and maybe the attribute's mode. (someday, maybe?) > > > > I believe libarchive has been updated in FreeBSD since October 2020, > > so the vendored libarchive in FreeBSD should already support it. But, > > yeah, if FreeBSD makes changes to how extended attributes work, I or > > someone else would need to update libarchive to account for that. > > > > Since HardenedBSD follows FreeBSD closely (we sync every six hours), I > > would probably volunteer to update the libarchive code. > > > > > > Just one data point here: HardenedBSD uses filesystem extended > > > > attributes to toggle certain exploit mitigations on a per-applicati= on > > > > basis. That's why we added support to libarchive: so we can ship > > > > certain packages with exploit mitigations pre-toggled. > > > Just curious. Does it use "system" or "user" attribute space? > > > > We use the system namespace, though the userland tool (hbsdcontrol) > > was recently taught about the user namespace. The kernel side only > > supports system namespace. So the user namespace support in > > hbsdcontrol is somewhat meaningless. I do plan to eventually get to > > the kernel side, but my TODO list continues growing. :-) > Ok, this wouldn't be affected by the patches I've been doing, since they > handle user space only. (system space will still work, but only via the > extattr_XXX() APIs. Cool. I have another project that uses user namespaces: https://git.hardenedbsd.org/shawn.webb/altfs AltFS is a fusefs driver that stores file payload in filesystem extended attributes, using the user namespace. It only partially works and again is bitten by more important items on my TODO list. It mainly serves as a proof-of-concept for a weird data exfiltration technique. Not at all meant for actual production use. Do you already have a patch for review in Phabric? I might want to add myself to it so I can more easily keep informed. Thanks, --=20 Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50 https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A= 4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc --iladfedsr74ra2c7 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAmfoU3YACgkQ/y5nonf4 4fr/Og/8DG/z0p1L9HbivCXVXD2aioV2kZJWOdiMXTHd7xBG9OFcO+uqilvcU3qg rErNz14ntZZNgq4rqydE5igWzaC2+pQo+0Dn5QJ/9LKAYfL8J6G1Z8RTEwD34BFz u95FatLpQw0hC1PM9VAeEV8hOPw+jnVL+LhCo2Xp5koL+ufV7pHRMEG2fllcAIgJ 7E+/qbkcP6x5mv7IxbkdsEWiUMs3WEX4s11Fsk8Mz63g65z8gkejOhFXxAgcLIJS KzOW1LQy4DeLzSBGybbwiQNPUb0YvHqCOcebmVYLAvAP9CyELtkqTwmXrr8lTOgR XrpUdMKyF85bYF4p0vt4rPz+Uop0Qm1PBz4N/nix5gnENNoCA87Ajxp/5sB3e5kF /SieyTn2rGK91Yv1HKXJX1zAkKdNHkCGpV35RIcNBoZDg58w4cleWLgtevhaOT3g TjOeWR6+Px8nO6YvaOjlVKrHen4WY3PnYd0E+zLKv1Of4DXufYDXqQWLIumgefSH HDHQ4fyiAkknMsxRBm2bBVOxJoGEWHgkP8o47wl0KNlTSJhjFZzIJc94/qdmS8a+ 94GxS6WFWGXsXB4+8XEvnn8IvW5hT6iZIMQaa+wRKRyLjA58KMYiL1BsjGPMO67q BUS4ukiXUAB32YlihUB1/WmebQPWeOkzFJWdrkhR2SCCZOlViQk= =mndp -----END PGP SIGNATURE----- --iladfedsr74ra2c7--