From nobody Tue Aug 29 19:31:46 2023 X-Original-To: current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RZyGs5Vwhz4s73V for ; Tue, 29 Aug 2023 19:31:49 +0000 (UTC) (envelope-from felix@palmen-it.de) Received: from stef.palmen-it.de (stef.palmen-it.de [IPv6:2001:470:1f0b:bbb:1::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4RZyGs1c8cz4YHp for ; Tue, 29 Aug 2023 19:31:49 +0000 (UTC) (envelope-from felix@palmen-it.de) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=palmen-it.de header.s=20200414 header.b=AsHKrpwU; spf=pass (mx1.freebsd.org: domain of felix@palmen-it.de designates 2001:470:1f0b:bbb:1::1 as permitted sender) smtp.mailfrom=felix@palmen-it.de; dmarc=none DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=palmen-it.de; s=20200414; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:To:From:Date:Sender:Reply-To:Cc: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=o6t3QlQZzyjMsHnuBPCGkKWOmgg41aDEIOFLzbeycwA=; b=AsHKrpwUqhvEaDREMPZ1M9qBtl sGzhCBlowKQ2tskqSEph7Rsd/vbT0AsrDPu0GzFm3xomJkt9yfFGtjiRnOBE6LmUb2xXiQP0igNP4 Iku2m0L8/JkqFqv8N3OFCFFE+3Fzl5xF0vNp17ulJrO49QzYANRENe2BTpj8YvUZmadij3Yybi4em XLbC8eOc3MR0u4w6qeqJ6jET+jvLHzo9uyTnHKeeNPBkk44DSqLRwUZm0z3MpmQWX0z0BMubvVTlF kv0znAN9J/KxFR63mz0vBNZ/hkELdNfWwlvVpFgFBxCEFwCnGHaRt9GLFeIoYW2Y7ZKqmB+gdNOsX +rA2fhlg==; Received: from [192.168.71.101] (helo=mail.home.palmen-it.de) by stef.palmen-it.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1qb4RH-00BC5B-ND for current@freebsd.org; Tue, 29 Aug 2023 21:31:47 +0200 Received: from nexus.home.palmen-it.de ([192.168.99.2]) by mail.home.palmen-it.de with esmtpsa (TLS1.3) tls TLS_CHACHA20_POLY1305_SHA256 (Exim 4.96 (FreeBSD)) (envelope-from ) id 1qb4RH-0004qy-11 for current@freebsd.org; Tue, 29 Aug 2023 19:31:47 +0000 Date: Tue, 29 Aug 2023 21:31:46 +0200 From: Felix Palmen To: current@freebsd.org Subject: Re: Possible issue with linux xattr support? Message-ID: Mail-Followup-To: current@freebsd.org X-Face: /1K@t"h.}e~pR@]c7HorQ!T`F^RJCa'BCr#e>IKA{>C/9OTGB4|xh"y2{?1Z5M i2w"AH^pN_LlHR^{+f',_Np~;.B;!M/bL}*qk]p5*r7F5vW};{:@4u5S?T&f0$7BJ-71Q5SV]:v$`5 A0[DZ:=?S52x8HJ~5@^P_\T@MsjG{R( Organization: FreeBSD.org References: <20230829190258.uc67572553e4fq3v@mutt-hbsd> <20230829192516.jb2t65sp5rdlysss@mutt-hbsd> List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@freebsd.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="xels6wu2gdu3mrys" Content-Disposition: inline In-Reply-To: <20230829192516.jb2t65sp5rdlysss@mutt-hbsd> User-Agent: NeoMutt/20230517 X-Spamd-Bar: ------ X-Spamd-Result: default: False [-6.50 / 15.00]; DWL_DNSWL_MED(-2.00)[palmen-it.de:dkim]; SIGNED_PGP(-2.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; MID_RHS_NOT_FQDN(0.50)[]; RCVD_DKIM_ARC_DNSWL_MED(-0.50)[]; FORGED_SENDER(0.30)[zirias@freebsd.org,felix@palmen-it.de]; R_DKIM_ALLOW(-0.20)[palmen-it.de:s=20200414]; R_SPF_ALLOW(-0.20)[+ip6:2001:470:1f0b:bbb:1::1:c]; RCVD_IN_DNSWL_MED(-0.20)[2001:470:1f0b:bbb:1::1:from]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; RCPT_COUNT_ONE(0.00)[1]; BLOCKLISTDE_FAIL(0.00)[2001:470:1f0b:bbb:1::1:server fail]; DMARC_NA(0.00)[freebsd.org]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MLMMJ_DEST(0.00)[current@freebsd.org]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DOM_EQ_FROM_DOM(0.00)[]; ARC_NA(0.00)[]; DKIM_TRACE(0.00)[palmen-it.de:+]; HAS_ORG_HEADER(0.00)[]; TO_DN_NONE(0.00)[]; FROM_HAS_DN(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FROM_NEQ_ENVFROM(0.00)[zirias@freebsd.org,felix@palmen-it.de]; ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] X-Rspamd-Queue-Id: 4RZyGs1c8cz4YHp --xels6wu2gdu3mrys Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable * Shawn Webb [20230829 15:25]: > On Tue, Aug 29, 2023 at 09:15:03PM +0200, Felix Palmen wrote: > > * Kyle Evans [20230829 14:07]: > > > On 8/29/23 14:02, Shawn Webb wrote: > > > > Back in 2019, I had a similar issue: I needed access to be able to > > > > read/write to the system extended attribute namespace from within a > > > > jailed context. I wrote a rather simple patch that provides that > > > > support on a per-jail basis: > > > >=20 > > > > https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/96c859= 82b45e44a6105664c7068a92d0a61da2a3 > > > >=20 > > > > Hopefully that's useful to someone. > > > >=20 > > > > Thanks, > > > >=20 > > >=20 > > > FWIW (which likely isn't much), I like this approach much better; it = makes > > > more sense to me that it's a feature controlled by the creator of the= jail > > > and not one allowed just by using a compat ABI within a jail. > >=20 > > Well, a typical GNU userland won't work in a jail without this, that's > > what I know now. But I'm certainly with you, it doesn't feel logical > > that a Linux binary can do something in a jail a FreeBSD binary can't. > >=20 > > So, indeed, making it a jail option sounds better. > >=20 > > Unless, bringing back a question raised earlier in this thread: What's > > the reason to restrict this in a jailed context in the first place? IOW, > > could it just be allowed unconditionally? >=20 > In HardenedBSD's case, since we use filesystem extended attributes to > toggle exploit mitigations on a per-application basis, there's now a > conceptual security boundary between the host and the jail. >=20 > Should the jail and the host share resources, like executables, a > jailed process could toggle an exploit mitigation, and the toggle > would bubble up to the host. So the next time the host executed > /shared/app/executable/here, the security posture of the host would be > affected. Isn't the sane approach here *not* to share any executables with a jail other than via a read-only nullfs mount? > FreeBSD uses ELF header tagging, not filesystem extended attributes, > to toggle exploit mitigations. So my description above is moot for > FreeBSD users. I'm just hoping to share a unique perspective. Thanks! --=20 Felix Palmen {private} felix@palmen-it.de -- ports committer -- {web} http://palmen-it.de {pgp public key} http://palmen-it.de/pub.txt {pgp fingerprint} 6936 13D5 5BBF 4837 B212 3ACC 54AD E006 9879 F231 --xels6wu2gdu3mrys Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iNUEABYKAH0WIQRpNhPVW79IN7ISOsxUreAGmHnyMQUCZO5Hol8UgAAAAAAuAChp c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0Njkz NjEzRDU1QkJGNDgzN0IyMTIzQUNDNTRBREUwMDY5ODc5RjIzMQAKCRBUreAGmHny MdpPAP4ixAAvJRAaEpI1NeYfDTs6Ezw5zPxaa6aStU3nwxzrpAEAvl1L4epzz8nQ 7IRwY4uJBWVYWcako8p2U4pmE4Iiqwk= =tkNE -----END PGP SIGNATURE----- --xels6wu2gdu3mrys--