Date:      Mon, 6 Jul 2020 09:54:40 +1000
From:      Dewayne Geraghty <dewayne@heuristicsystems.com.au>
To:        Shawn Webb <shawn.webb@hardenedbsd.org>, Baptiste Daroussin <bapt@FreeBSD.org>
Cc:        pkg@freebsd.org, dev@hardenedbsd.org
Subject:   Re: Filesystem extended attributes support
Message-ID:  <fb41d421-c3a7-c373-b094-bea6c1f02c9d@heuristicsystems.com.au>
In-Reply-To: <20200705111538.axuh3ohdpqkb74ym@mutt-hbsd>
References:  <20200704141345.xwdf2ckxak2hfpkh@mutt-hbsd> <20200704201100.lkcde42gtlgspwpr@ivaldir.net> <20200705111538.axuh3ohdpqkb74ym@mutt-hbsd>

On 5/07/2020 9:15 pm, Shawn Webb wrote:
> 
> Sounds good. Thanks for the positive response. I might try to upstream
> the tmpfs patch as well, but I'm not sure I've got the locking right,
> yet. It's my first time working on a filesystem of any sort, and I'm
> not confident I got it right on the first try. Time will tell.
> 
> With extended attribute support, pkg could also store a hash of the
> file as an extended attribute. One could use that as a method to
> determine whether changes have been made. Think: application integrity
> enforcement.
> 
> So filesystem extended attribute support may have virtues outside of
> HardenedBSD's exploit mitigation toggling use case.
> 
> Thanks,
> 
I like your thinking and appreciate you going to the effort to migrate
features from HardenedBSD.

I look forward to testing with samba, which normally uses the system, security
and user namespaces; but we (i.e. Timur) have patched samba to use the user
namespace, as that is all that can be manipulated within the jail context.

Re: extattr.  Though it might be better to store a signed hash of the
file within the extended attribute as root.  Reasoning is that
applications running as non-root that have access to files may, if
hacked, change the hash (assumes only root has access to the signing
key) ;)  Used in combination with mac.portacl it is a sleep-easy approach.  :)

I am concerned for those that build their own packages that use
archivers/libarchive.  E.g.
# ldd `which pkg`
/usr/local/sbin/pkg:
        libelf.so.2 => /lib/libelf.so.2 (0x800881000)
        libjail.so.1 => /lib/libjail.so.1 (0x80089a000)
        libarchive.so.13 => /usr/local/lib/libarchive.so.13 (0x8008a2000)
        libbz2.so.4 => /usr/lib/libbz2.so.4 (0x800b60000)
...
as any patch may need to be applied there as well.

Kind regards, Dewayne.
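The scheme Dewayne proposes above (a hash of the installed file, signed with a key only root holds, stored in an extended attribute, so that a compromised non-root process can alter the file or the hash but cannot produce a valid signature) as an added worked example. This is illustrative code written for this archive page, not pkg's or HardenedBSD's code. Assumptions: the attribute name `user.pkg.sighash` and the key bytes are invented for the example; an HMAC stands in for the signature (a real deployment would use an asymmetric signature so that non-root verifiers need only the public key); and on systems or filesystems without extended attribute support the attribute is kept in an in-memory dictionary so the logic still runs.

```python
import hashlib
import hmac
import os
import tempfile

# Attribute in the "user" namespace, the only namespace manipulable from a
# jail per the thread. The name is an assumption, not a pkg convention.
ATTR_NAME = "user.pkg.sighash"

# Hypothetical signing key that only root can read (constructed for this example).
SIGNING_KEY = b"constructed-example-key-only-root-can-read"

# Fallback store for platforms/filesystems without xattr support (stand-in only).
_fallback_store = {}


def _set_attr(path, value):
    """Store the attribute with os.setxattr when available, else in the fallback dict."""
    try:
        os.setxattr(path, ATTR_NAME, value)
    except (AttributeError, OSError):
        _fallback_store[path] = value


def _get_attr(path):
    """Read the attribute back, mirroring the fallback used by _set_attr."""
    try:
        return os.getxattr(path, ATTR_NAME)
    except (AttributeError, OSError):
        return _fallback_store.get(path)


def file_digest(path):
    """SHA-256 of the file contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.digest()


def sign_digest(digest, key):
    """HMAC-SHA256 over the digest; stands in for a root-held signing key."""
    return hmac.new(key, digest, hashlib.sha256).digest()


def stamp(path, key):
    """Root-side install step: hash the file, sign the hash, store both in the attribute."""
    digest = file_digest(path)
    _set_attr(path, digest + sign_digest(digest, key))


def verify(path, key):
    """Integrity check: returns (ok, reason). Signature is checked before content
    so a forged attribute is reported as such rather than as a content change."""
    blob = _get_attr(path)
    if blob is None or len(blob) != 64:
        return False, "missing-or-malformed"
    stored_digest, stored_sig = blob[:32], blob[32:]
    if not hmac.compare_digest(stored_sig, sign_digest(stored_digest, key)):
        return False, "bad-signature"
    if not hmac.compare_digest(stored_digest, file_digest(path)):
        return False, "content-changed"
    return True, "ok"


def demo():
    """Walk through the cases the thread describes on a constructed temp file."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "installed-file.conf")
        with open(p, "wb") as f:
            f.write(b"option = 1\n")          # constructed sample content
        stamp(p, SIGNING_KEY)
        results["intact"] = verify(p, SIGNING_KEY)

        # Compromised non-root application edits the file.
        with open(p, "ab") as f:
            f.write(b"option = 2\n")
        results["tampered"] = verify(p, SIGNING_KEY)

        # It can also recompute and rewrite the hash, but cannot sign it.
        recomputed = file_digest(p)
        _set_attr(p, recomputed + b"\x00" * 32)
        results["forged_hash"] = verify(p, SIGNING_KEY)

        # Signing with some other key is likewise rejected.
        _set_attr(p, recomputed + sign_digest(recomputed, b"some-other-key"))
        results["wrong_key"] = verify(p, SIGNING_KEY)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:12s} -> {outcome}")
```

The ordering in `verify` matters for operations: checking the signature first distinguishes an attribute that was rewritten without the key (a sign of tampering with the integrity metadata itself) from a legitimately stamped file whose contents later changed. With the FreeBSD `system` namespace the attribute would additionally be writable only by root, but the thread's jail case forces the `user` namespace, which is exactly why the signature rather than the namespace has to carry the protection.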


