Date: Mon, 6 Jul 2020 09:54:40 +1000 From: Dewayne Geraghty <dewayne@heuristicsystems.com.au> To: Shawn Webb <shawn.webb@hardenedbsd.org>, Baptiste Daroussin <bapt@FreeBSD.org> Cc: pkg@freebsd.org, dev@hardenedbsd.org Subject: Re: Filesystem extended attributes support Message-ID: <fb41d421-c3a7-c373-b094-bea6c1f02c9d@heuristicsystems.com.au> In-Reply-To: <20200705111538.axuh3ohdpqkb74ym@mutt-hbsd> References: <20200704141345.xwdf2ckxak2hfpkh@mutt-hbsd> <20200704201100.lkcde42gtlgspwpr@ivaldir.net> <20200705111538.axuh3ohdpqkb74ym@mutt-hbsd>
next in thread | previous in thread | raw e-mail | index | archive | help
On 5/07/2020 9:15 pm, Shawn Webb wrote: > > Sounds good. Thanks for the positive response. I might try to upstream > the tmpfs patch as well, but I'm not sure I've got the locking right, > yet. It's my first time working on a filesystem of any sort, and I'm > not confident I got it right on the first try. Time will tell. > > With extended attribute support, pkg could also store a hash of the > file as an extended attribute. One could use that as a method to > determine whether changes have been made. Think: application integrity > enforcement. > > So filesystem extended attribute support may have virtues outside of > HardenedBSD's exploit mitigation toggling use case. > > Thanks, > I like your thinking and appreciate you going to the effort to migrate features from HardenedBSD. I look forward to testing with samba which normally uses system,security and user namespaces; but we (ie Timur) have patched samba to use user namespace as that is all that can be manipulated within the jail context. Re: extattr. Though it might be better to store a signed hash of the file within the extended attribute as root. Reasoning is that applications running as non-root that have access to files, may, if hacked, change the hash. (assumes only root has access to the signing key) ;) Used in combination with mac.portacl is a sleep-easy approach. :) I am concerned for those that build their own packages that use archivers/libarchive. E.g. # ldd `which pkg` /usr/local/sbin/pkg: libelf.so.2 => /lib/libelf.so.2 (0x800881000) libjail.so.1 => /lib/libjail.so.1 (0x80089a000) libarchive.so.13 => /usr/local/lib/libarchive.so.13 (0x8008a2000) libbz2.so.4 => /usr/lib/libbz2.so.4 (0x800b60000) ... as any patch may need to be applied there as well. Kind regards, Dewayne.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?fb41d421-c3a7-c373-b094-bea6c1f02c9d>