[HEADSUP] Disallowing read() of a directory fd

Kyle Evans kevans at freebsd.org
Fri May 15 19:58:07 UTC 2020


On Fri, May 15, 2020 at 2:44 PM Rodney W. Grimes
<freebsd at gndrsh.dnsmgr.net> wrote:
>
> > On Thu, May 14, 2020 at 1:26 PM Kyle Evans <kevans at freebsd.org> wrote:
> > >
> > > Hi,
> > >
> > > This is a heads up, given that I'm completely flipping our historical
> > > behavior -- I intend to commit this review in a couple days' time
> > > without substantial objection: https://reviews.freebsd.org/D24596
> > >
> >
> > Note that the review has been updated to reflect feedback received
> > through the course of this discussion. The current version, as of the
> > time of writing, instead adds a security.bsd.allow_read_dir
> > (defaulting to off) that will allow the system root (*not* jailed
> > root) the ability to read(2) a directory if the filesystem supports
> > it. A new priv(9), PRIV_VFS_READ_DIR has been added so that anyone
> > interested in expanding the scope of the sysctl beyond the system root
> > is welcome to implement a MAC policy for it.
> >
> > rgrimes@ and phk@ have been specifically invited to the review as
> > representatives of those opposing the original change, but of course
> > anyone is free to add themselves and/or simply chime in with
> > constructive objections.
>
> I did not oppose the change, just asked that the change be knobbed
> so that the few rare ones of us that do use this ability do not
> have to jump through hoops when we need it to fix a problem.
>

Apologies, I did not intend to misrepresent your position -- I had
interpreted your post as "objection with a path to acceptance" and
followed it to that end since I was providing a revised version that
aimed to also appeal to your criteria.

Thanks,

Kyle Evans


More information about the freebsd-arch mailing list
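
A probe for the behavior discussed in this thread, as an added example that is not part of the original messages or of the FreeBSD review: it attempts read(2) on a directory descriptor and, for contrast, lists the same directory with readdir(3). The function and enum names are hypothetical, and it assumes a refused read is reported as EISDIR, as the read(2) manual page documents.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Outcome of a raw read(2) on a directory descriptor (hypothetical names). */
enum dir_read { DIR_READ_DENIED, DIR_READ_ALLOWED, DIR_READ_ERROR };

/* Open path as a directory and try read(2) on it; *err receives errno or 0. */
enum dir_read probe_dir_read(const char *path, int *err)
{
    char buf[512];
    int fd = open(path, O_RDONLY | O_DIRECTORY);
    if (fd < 0) {
        *err = errno;
        return DIR_READ_ERROR;
    }
    ssize_t n = read(fd, buf, sizeof(buf));
    *err = (n < 0) ? errno : 0;
    close(fd);
    if (n >= 0)
        return DIR_READ_ALLOWED;
    /* EISDIR is the documented refusal; anything else is a real failure. */
    return (*err == EISDIR) ? DIR_READ_DENIED : DIR_READ_ERROR;
}

/* Supported interface: count entries with readdir(3); -1 on failure. */
int count_entries(const char *path)
{
    DIR *d = opendir(path);
    if (d == NULL)
        return -1;
    int n = 0;
    while (readdir(d) != NULL)
        n++;
    closedir(d);
    return n;
}

int main(int argc, char **argv)
{
    const char *path = (argc > 1) ? argv[1] : ".";
    int err = 0;
    enum dir_read r = probe_dir_read(path, &err);
    printf("%s: read(2) %s (%s), readdir(3) sees %d entries\n", path,
        r == DIR_READ_ALLOWED ? "allowed" : r == DIR_READ_DENIED ? "denied" : "failed",
        err ? strerror(err) : "ok", count_entries(path));
    return r == DIR_READ_ERROR;
}
```

Running it as the system root and again inside a jail, before and after changing security.bsd.allow_read_dir, shows which contexts the knob actually affects on a given filesystem.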