Date: Fri, 8 Nov 2019 15:19:07 +0200 From: Andriy Gapon <avg@FreeBSD.org> To: Jan Behrens <jbe-mlist@magnetkern.de> Cc: freebsd-fs@FreeBSD.org Subject: Re: ZFS snapdir readability (Crosspost) Message-ID: <ffc81c68-c2a5-0953-be02-09edc74c877b@FreeBSD.org> In-Reply-To: <20191108125226.4ffebc252e69c6cfa3c82165@magnetkern.de> References: <20191107004635.c6d2e7d464d3d556a0d87465@magnetkern.de> <CAOtMX2huHZcXHH%2B=3Bx7hX_p9udJ2acOX%2BZL8vW=pjqbe6mOAA@mail.gmail.com> <20191107012027.9639f3a9dda1941518358a52@magnetkern.de> <0a823048-d191-72e8-e20b-0491ebd4ea4a@peak.org> <20191107033622.16414272ae743d50f75786ec@magnetkern.de> <46343d6b-b614-2942-a28c-1ba8f28dd5a0@FreeBSD.org> <20191108125226.4ffebc252e69c6cfa3c82165@magnetkern.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On 08/11/2019 13:52, Jan Behrens wrote: > Of course, "take as is or don't use it" is a valid approach to avoid > using insecure software, but I believe adding an option to restrict > readability of .zfs/snapdir to the owner of the root would > significantly improve security, especially as some operators might not > even be aware of the risks. I would not object to having something like snapdirmode property. I think that it's reasonable. -- Andriy Gapon
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ffc81c68-c2a5-0953-be02-09edc74c877b>