[HEADSUP] Disallowing read() of a directory fd

Kyle Evans kevans at freebsd.org
Sat May 16 16:26:23 UTC 2020


On Sat, May 16, 2020 at 10:18 AM Julian H. Stacey <jhs at berklix.com> wrote:
>
> Another use of "cat ." is to see names of transient files a tool
> creates, & normally deletes, if not aborting, so one can find same
> name junk elsewhere, & search for the tool causing junk,
> & ensure other data files avoid using names that would be zapped.
>
> While blocking "cat ." might be worked round if not in a jail, &
> or if using fsdb & sysctl etc, it would add to a more BSD specific
> environment, where standard portable Unix skills were insufficient,
> & more time needed to search & learn BSD extras.  Every obstacle
> costs employers time = money.
>

This scenario is just a bit too generic for me to be able to relate
to, because I've never been in a situation where I would've had to or
just randomly used `cat .` to discover junk files. This also isn't
really a transferable skill to other modern OS and filesystems, as
oftentimes they won't or can't give you anything useful with read(2).

That said, I've written a MAC policy that can live atop the current
patch to lift all of the restrictions except the sysctl needing to be
set: https://people.freebsd.org/~kevans/mac-read_dir.diff -> I could
even be convinced fairly easily to commit it, if you'd find that
acceptable. The policy ends up looking generically useful, as you can
lift just the jail root restriction or you can allow any user to cat a
directory.

Thanks,

Kyle Evans


More information about the freebsd-arch mailing list