[HEADSUP] Disallowing read() of a directory fd
Julian H. Stacey
jhs at berklix.com
Fri May 15 15:04:32 UTC 2020
Kyle Evans wrote:
> On Fri, May 15, 2020 at 2:51 AM Poul-Henning Kamp <phk at phk.freebsd.dk> wrote:
> >
> > --------
> > In message <CACNAnaFDHMkConkBLY-2BMAudueDA8-HTJ5_FNpt4WrB=gg_HA at mail.gmail.com>
> > , Kyle Evans writes:
> > >On Thu, May 14, 2020 at 3:30 PM Poul-Henning Kamp <phk at phk.freebsd.dk> wrote:
> >
> > >Can we explore the possibility of using fsdb(8) to fulfill these needs
> > >in a way that you'd be comfortable with?
> > >
> > Summary: I'm perfectly fine with read(2) returning error on a
> > directory *under normal circumstances*, and I think it makes good
> > sense by protecting a lot of terminals from a lot of binary
> > garbage.
> >
> > But there is absolutely no reason to make it *impossible* for
> > a competent root to do what competent roots do.
> >
>
> First, apologies if my previous message had offended you -- I didn't
> mean for this, but as you can tell I was not well-equipped to discuss
> the possibilities with a seasoned veteran such as yourself.
>
> I've prepared a patch locally to update the review that both hides it
> off behind security.bsd.allow_read_dir (default off) and restricts it
> to a new PRIV_VFS_READ_DIR that *is not* granted to jailed root. I
No. Root is Root regardless of whether in a jail or not. A root admin of
a server in a jail needs full power without waiting days to contact
another root human who owns the prison, without wasting the human time
of the jail owner & prison owner formulating an email request & considering
& enabling the requirement.
kevans@ wasted FreeBSD time with a threat of change at 2 days' notice,
for an issue unchanged since 1972. The rush was immature.
kevans@ should retract his threat of forced urgent change, or expect
core@ to be asked to remove his commit bit while FreeBSD considers
_un-rushed_, allowing sufficient time for all to consider options,
& to warn users in RELNOTES of any potential future change.
> know we've already discussed this to some extent, but can you confirm
> that these restrictions are reasonable and acceptable for you? I've
> tentatively placed it in the security.bsd.* namespace because it can
> and has had security implications, but I'm certainly not dead-set on
> it staying there.
>
> Thanks,
>
> Kyle Evans
>
Cheers
--
Julian Stacey, Consultant Systems Engineer, BSD Linux http://berklix.com/jhs/
http://www.berklix.org/corona/#masks Tie 2 handkerchiefs or 1 pillow case.
Jobs & economy hit by Corona to be hit again by Crash Brexit 31st Dec. 2020