Date: Sat, 16 May 2020 19:58:37 +0200
From: "Julian H. Stacey" <jhs@berklix.com>
To: Kyle Evans <kevans@freebsd.org>
Cc: "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>, "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>
Subject: Re: [HEADSUP] Disallowing read() of a directory fd
Message-ID: <202005161758.04GHwbpZ038671@fire.js.berklix.net>
In-Reply-To: Your message "Sat, 16 May 2020 11:26:11 -0500." <CACNAnaFapztQL3N4sWTv1-umh96xUeZPYUoQ3imX7fhCk5c0HA@mail.gmail.com>
Kyle Evans wrote:
> On Sat, May 16, 2020 at 10:18 AM Julian H. Stacey <jhs@berklix.com> wrote:
> >
> > Another use of "cat ." is to see names of transient files a tool
> > creates, & normally deletes, if not aborting, so one can find same
> > name junk elsewhere, & search for tool causing junk,
> > & ensure other data files avoid using names that would be zapped.
> >
> > While blocking "cat ." might be worked round if not in a jail, &
> > or if using fsdb & sysctl etc, it would add to a more BSD specific
> > environment, where standard portable Unix skills were insufficient,
> > & more time needed to search & learn BSD extras. Every obstacle
> > costs employers time = money.
> >
>
> This scenario is just a bit too generic for me to be able to relate
> to, because I've never been in a situation where I would've had to or
> just randomly used `cat .` to discover junk files.

Yes, it's a rare usage, I don't do it often.

> This also isn't
> really a transferable skill to other modern OS and filesystems, as
> oftentimes they won't or can't give you anything useful with read(2).
>
> That said, I've written a MAC policy that can live atop the current
> patch to lift all of the restrictions except the sysctl needing to be
> set: https://people.freebsd.org/~kevans/mac-read_dir.diff -> I could
> even be convinced fairly easily to commit it, if you'd find that
> acceptable. The policy ends up looking generically useful, as you can
> lift just the jail root restriction or you can allow any user to cat a
> directory.
>
> Thanks,
>
> Kyle Evans

Thanks,
It's good if it's all sysctl without reboot, (taking (phk's I recall) point about an fs not surviving a reboot).
It sounds useful, if it allows a 3 (or is that more?) way choice between eg {old v. new} x { root v. non root } x { inside a jail v. outside } = 8 ? If all of that, I guess we'd just be down to a relaxed consideration about what the default mode was for now & later.
If there was a change there, we'd need to check what the policy is about giving advance notice of changes in RELNOTES. If RELNOTES required longer notice than wanted, that could be worked round easily by implementing the code, & merely issuing notice that defaults would change to the new policy later at release x.y.

I took a quick glance at https://people.freebsd.org/~kevans/mac-read_dir.diff but I'm sorry, loads of real life distraction here. I'm sure others will want to read it.

Thanks for working hard to cater for all cases ! :-)

Cheers
--
Julian Stacey, Consultant Systems Engineer, BSD Linux http://berklix.com/jhs/
http://www.berklix.org/corona/#masks Tie 2 handkerchiefs or 1 pillow case.
Jobs & economy hit by Corona to be hit again by Crash Brexit 31st Dec. 2020