[Bug 265625] .zfs/snapshot directory is always readable (also by non-privileged users)

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 265625] .zfs/snapshot directory is always readable (also by non-privileged users)"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 04 Aug 2022 11:33:06 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=265625

--- Comment #2 from jbe@magnetkern.de ---
(In reply to Anton Saietskii from comment #1)

That is right. However file ownership and modes may change for two reasons:

1. They have been wrongly set.
2. They were correct but changed to harden security or otherwise reflect a
change of access privileges.

If old snapshots exists, then this allows (non-root) users to access data even
if files have been deleted or privileges have been revoked. I consider it a
potential security problem that revocation of privileges can't be enforced
(unless all snapshots from the past are deleted, which isn't always practical).

-- 
You are receiving this mail because:
You are the assignee for the bug.