Date:      Sun, 17 Dec 2023 18:01:01 +0100 (GMT+01:00)
From:      Alexander Burke <alex@alexburke.ca>
To:        Jan Behrens <jbe-mlist@magnetkern.de>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Tried to reach out to the FreeBSD security team
Message-ID:  <e5aeff29-0b0d-42ce-9332-70ab4d6f9643@alexburke.ca>
In-Reply-To: <20231217144640.9e5881decba4008d88971e85@magnetkern.de>
References:  <20231217144640.9e5881decba4008d88971e85@magnetkern.de>

Hi Jan,

I had a look at the issue to which you are referring.

My understanding of your concern is that after a snapshot is taken, a user has their access to some portion of the data revoked, but would be able to work around this new restriction via `.zfs/snapshots` by virtue of the fact that all snapshots are faithful read-only reproductions of state at the time each snapshot was created and they thus do not inherit changes made to permissions later on.

If I have misunderstood, please let me know (and probably disregard the rest of this reply).

Changing a snapshot is impossible by design, and This Is A Feature Not A Bug; if you want a changeable snapshot, then a clone is what you're after.

It would seem as though the `.zfs/snapshots` feature is not well-known (it does not appear even when `ls -lA` is invoked by root in the root directory of a pool, for example) and should probably be better publicized so each sysadmin can make a decision as to whether or not they should restrict access to that "directory" to the root user (or wheel or whatnot).

That said, perhaps there should be a discussion regarding whether or not `.zfs/snapshots` should be simply disabled by default.

Cheers,
Alex
----------------------------------------

Dec 17, 2023 14:46:59 Jan Behrens <jbe-mlist@magnetkern.de>:

> Hi all,
> 
> I tried to contact the FreeBSD security team and/or officer to bring
> their attention to issue #265625, which I believe is security relevant
> and which doesn't get fixed.
> 
> None of my e-mails to secteam@FreeBSD.org or
> security-officer@FreeBSD.org were answered. After some time, I tried to
> write an e-mail to freebsd-security@freebsg.org. While that e-mail was
> accepted by mx1.freebsd.org, I never got any response and my e-mail
> didn't show up on the list. What is going on?
> 
> My e-mails were sent on 2023-11-24 to secteam@FreeBSD.org, on
> 2023-12-04 to security-officer@FreeBSD.org, and on 2023-12-11 to
> freebsd-security@freebsd.org.
> 
> Kind regards,
> Jan Behrens
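
The concern discussed in this thread is that a snapshot keeps the permissions a file had when the snapshot was taken. The following added example (not code from either correspondent or from FreeBSD) compares a snapshot tree with the live tree and lists entries whose snapshot copy still carries group/other access that has since been revoked. The function names are hypothetical, both roots are treated as ordinary directories, and the sample files are constructed.

```python
import os
import stat
import tempfile

def snapshot_exposures(live_root, snap_root):
    """List entries whose snapshot copy keeps access that the live tree has
    since revoked. Compares POSIX mode bits and uid/gid only; ACLs are ignored."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(snap_root):
        for name in dirnames + filenames:
            snap_path = os.path.join(dirpath, name)
            rel = os.path.relpath(snap_path, snap_root)
            snap_st = os.lstat(snap_path)
            snap_mode = stat.S_IMODE(snap_st.st_mode)
            try:
                live_st = os.lstat(os.path.join(live_root, rel))
            except FileNotFoundError:
                if snap_mode & 0o077:
                    findings.append((rel, "deleted live, snapshot copy open to group/other"))
                continue
            # Group/other bits granted in the snapshot but absent today.
            revoked = snap_mode & ~stat.S_IMODE(live_st.st_mode) & 0o077
            if revoked:
                findings.append((rel, f"snapshot keeps revoked bits {revoked:03o}"))
            elif (snap_st.st_uid, snap_st.st_gid) != (live_st.st_uid, live_st.st_gid):
                findings.append((rel, "owner or group changed since snapshot"))
    return sorted(findings)

def demo():
    """Constructed sample: two temporary directories stand in for the live
    dataset and one of its snapshots; file names and modes are made up."""
    with tempfile.TemporaryDirectory() as base:
        live, snap = os.path.join(base, "live"), os.path.join(base, "snap")
        os.mkdir(live)
        os.mkdir(snap)
        # name: (mode in snapshot, mode in live tree or None if deleted since)
        layout = {"payroll.txt": (0o644, 0o600), "notes.txt": (0o644, 0o644),
                  "old.key": (0o640, None)}
        for name, (snap_mode, live_mode) in layout.items():
            for root, mode in ((snap, snap_mode), (live, live_mode)):
                if mode is not None:
                    path = os.path.join(root, name)
                    open(path, "w").close()
                    os.chmod(path, mode)
        return snapshot_exposures(live, snap)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

On a real system the second argument would be one snapshot's directory under the dataset's `.zfs` control directory, and the script has to run as a user who can read both trees.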


