From nobody Sun Dec 17 17:01:01 2023 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4StTkY60lpz53txV for ; Sun, 17 Dec 2023 17:01:25 +0000 (UTC) (envelope-from alex@alexburke.ca) Received: from out-181.mta0.migadu.com (out-181.mta0.migadu.com [91.218.175.181]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4StTkY3xXcz4VVt for ; Sun, 17 Dec 2023 17:01:25 +0000 (UTC) (envelope-from alex@alexburke.ca) Authentication-Results: mx1.freebsd.org; none Date: Sun, 17 Dec 2023 18:01:01 +0100 (GMT+01:00) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alexburke.ca; s=key1; t=1702832477; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=kwjoi9Wle+n1TXnKlhbD6ZRRm9QDwBKg4xXV19ZVUzU=; b=RMcHf1njs9VvgrGvADXfyiwf4s/Nkcs9Pr3WodsviIfI584JvoQzAswcXT9yZSw0idoDYR obQbfS3zc6G9jjX+Hj7kK8vnjU1bwiN3PenF6Iqh6xJ1wk/6tPzqstpb+sfYqBfHn8i6ci NPJ0Ts7Rdpx3vne9hIo7XLvfb3qvlVc= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Alexander Burke To: Jan Behrens Cc: freebsd-questions@freebsd.org Message-ID: In-Reply-To: <20231217144640.9e5881decba4008d88971e85@magnetkern.de> References: <20231217144640.9e5881decba4008d88971e85@magnetkern.de> Subject: Re: Tried to reach out to the FreeBSD security team List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Correlation-ID: X-Migadu-Flow: FLOW_OUT X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:202172, ipnet:91.218.175.0/24, country:CH] X-Spamd-Bar: ---- X-Rspamd-Queue-Id: 4StTkY3xXcz4VVt Hi Jan, I had a look at the issue to which you are referring. My understanding of your concern is that after a snapshot is taken, a user has their access to some portion of the data revoked, but would be able to work around this new restriction via `.zfs/snapshots` by virtue of the fact that all snapshots are faithful read-only reproductions of state at the time each snapshot was created and they thus do not inherit changes made to permissions later on. If I have misunderstood, please let me know (and probably disregard the rest of this reply). Changing a snapshot is impossible by design, and This Is A Feature Not A Bug; if you want a changeable snapshot, then a clone is what you're after. It would seem as though the `.zfs/snapshots` feature is not well-known (it does not appear even when `ls -lA` is invoked by root in the root directory of a pool, for example) and should probably be better publicized so each sysadmin can make a decision as to whether or not they should restrict access to that "directory" to the root user (or wheel or whatnot). That said, perhaps there should be a discussion regarding whether or not `.zfs/snapshots` should be simply disabled by default. Cheers, Alex ---------------------------------------- Dec 17, 2023 14:46:59 Jan Behrens : > Hi all, > > I tried to contact the FreeBSD security team and/or officer to bring > their attention to issue #265625, which I believe is security relevant > and which doesn't get fixed. > > None of my e-mails to secteam@FreeBSD.org or > security-officer@FreeBSD.org were answered. After some time, I tried to > write an e-mail to freebsd-security@freebsg.org. While that e-mail was > accepted by mx1.freebsd.org, I never got any response and my e-mail > didn't show up on the list. What is going on? > > My e-mails were sent on 2023-11-24 to secteam@FreeBSD.org, on > 2023-12-04 to security-officer@FreeBSD.org, and on 2023-12-11 to > freebsd-security@freebsd.org. > > Kind regards, > Jan Behrens