Re: Tried to reach out to the FreeBSD security team
- Reply: Jan Behrens : "Re: Tried to reach out to the FreeBSD security team"
- In reply to: Jan Behrens : "Tried to reach out to the FreeBSD security team"
Date: Sun, 17 Dec 2023 17:01:01 UTC
Hi Jan,

I had a look at the issue to which you are referring. My understanding of your concern is that after a snapshot is taken, a user has their access to some portion of the data revoked, but would be able to work around this new restriction via `.zfs/snapshots` by virtue of the fact that all snapshots are faithful read-only reproductions of state at the time each snapshot was created and they thus do not inherit changes made to permissions later on. If I have misunderstood, please let me know (and probably disregard the rest of this reply).

Changing a snapshot is impossible by design, and This Is A Feature Not A Bug; if you want a changeable snapshot, then a clone is what you're after.

It would seem as though the `.zfs/snapshots` feature is not well-known (it does not appear even when `ls -lA` is invoked by root in the root directory of a pool, for example) and should probably be better publicized so each sysadmin can make a decision as to whether or not they should restrict access to that "directory" to the root user (or wheel or whatnot).

That said, perhaps there should be a discussion regarding whether or not `.zfs/snapshots` should be simply disabled by default.

Cheers,
Alex

----------------------------------------

Dec 17, 2023 14:46:59 Jan Behrens <jbe-mlist@magnetkern.de>:

> Hi all,
>
> I tried to contact the FreeBSD security team and/or officer to bring
> their attention to issue #265625, which I believe is security relevant
> and which doesn't get fixed.
>
> None of my e-mails to secteam@FreeBSD.org or
> security-officer@FreeBSD.org were answered. After some time, I tried to
> write an e-mail to freebsd-security@freebsg.org. While that e-mail was
> accepted by mx1.freebsd.org, I never got any response and my e-mail
> didn't show up on the list. What is going on?
>
> My e-mails were sent on 2023-11-24 to secteam@FreeBSD.org, on
> 2023-12-04 to security-officer@FreeBSD.org, and on 2023-12-11 to
> freebsd-security@freebsd.org.
>
> Kind regards,
> Jan Behrens
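
Added example (not part of either message, and not FreeBSD or OpenZFS code): a small audit that walks one snapshot's directory tree and reports entries whose snapshot copy still grants group/other permission bits, or has a different owner or group, compared with the live dataset. The function names are hypothetical, the caller supplies both directory paths, ACLs are not compared, and the sample trees are constructed plain directories standing in for a dataset and a snapshot.

```python
import os
import stat
import tempfile

def revoked_since_snapshot(live_root, snap_root):
    """List entries whose snapshot copy still grants group/other permission
    bits (or has a different owner/group) compared with the live dataset."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(snap_root):
        for name in dirnames + filenames:
            snap_path = os.path.join(dirpath, name)
            rel = os.path.relpath(snap_path, snap_root)
            try:
                snap_st = os.lstat(snap_path)
                live_st = os.lstat(os.path.join(live_root, rel))
            except FileNotFoundError:
                continue  # removed or renamed since the snapshot: not covered here
            if stat.S_ISLNK(snap_st.st_mode):
                continue  # symlink permission bits are not meaningful
            snap_mode = stat.S_IMODE(snap_st.st_mode)
            live_mode = stat.S_IMODE(live_st.st_mode)
            # Bits the snapshot grants to group/other that the live copy lacks.
            stale = snap_mode & ~live_mode & 0o077
            owner_changed = (snap_st.st_uid, snap_st.st_gid) != (live_st.st_uid, live_st.st_gid)
            if stale or owner_changed:
                findings.append((rel, oct(snap_mode), oct(live_mode)))
    return sorted(findings)

def build_constructed_trees(base):
    """Constructed sample data: relative path -> (snapshot mode, live mode)."""
    layout = {
        "public.txt": (0o644, 0o644),   # unchanged
        "payroll.txt": (0o644, 0o600),  # read access revoked after the snapshot
        "hr": (0o755, 0o700),           # directory closed after the snapshot
    }
    for root_name, idx in (("snap", 0), ("live", 1)):
        root = os.path.join(base, root_name)
        os.mkdir(root)
        for rel, modes in layout.items():
            path = os.path.join(root, rel)
            os.mkdir(path) if rel == "hr" else open(path, "w").close()
            os.chmod(path, modes[idx])
    return os.path.join(base, "live"), os.path.join(base, "snap")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        live, snap = build_constructed_trees(tmp)
        for rel, snap_mode, live_mode in revoked_since_snapshot(live, snap):
            print(f"{rel}: snapshot {snap_mode}, live {live_mode}")
```

On a real system the second argument would be the directory of one snapshot, and the run needs enough privilege to read both trees.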