From: "Rodney W. Grimes"
Message-Id: <202005151944.04FJiXmr087925@gndrsh.dnsmgr.net>
Subject: Re: [HEADSUP] Disallowing read() of a directory fd
To: Kyle Evans
Date: Fri, 15 May 2020 12:44:33 -0700 (PDT)
CC: "freebsd-arch@freebsd.org", "Rodney W. Grimes", Poul-Henning Kamp
Reply-To: rgrimes@freebsd.org
List-Id: Discussion related to FreeBSD architecture

> On Thu, May 14, 2020 at 1:26 PM Kyle Evans wrote:
> >
> > Hi,
> >
> > This is a heads up, given that I'm completely flipping our historical
> > behavior- I intend to commit this review in a couple days' time
> > without substantial objection: https://reviews.freebsd.org/D24596
> >
>
> Note that the review has been updated to reflect feedback received
> through the course of this discussion. The current version, as of the
> time of writing, instead adds a security.bsd.allow_read_dir
> (defaulting to off) that will allow the system root (*not* jailed
> root) the ability to read(2) a directory if the filesystem supports
> it. A new priv(9), PRIV_VFS_READ_DIR has been added so that anyone
> interested in expanding the scope of the sysctl beyond the system root
> is welcome to implement a MAC policy for it.
>
> rgrimes@ and phk@ have been specifically invited to the review as
> representatives of those opposing the original change, but of course
> anyone is free to add themselves and/or simply chime in with
> constructive objections.

I did not oppose the change, just asked that the change be knobbed
so that the few rare ones of us that do use this ability do not have
to jump through hoops when we need it to fix a problem.

Everyone should remember just because you do not find it useful
does not mean it is not useful functionality.

Remember the mantra, methods, not policy. This is a policy change.

> Thanks,
> Kyle Evans

Regards,
--
Rod Grimes
rgrimes@freebsd.org
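
An added example, not part of this message or of review D24596: a small probe showing what a caller of read(2) on a directory descriptor gets back, next to the readdir(3) loop that works whatever security.bsd.allow_read_dir is set to. It assumes the refusal is reported as EISDIR, the error read(2) documents for directories; the function names are illustrative.

```c
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Try read(2) on a directory fd. Returns 0 if the kernel handed back
 * bytes (or EOF), otherwise the errno from open(2) or read(2).
 * Assumption: a kernel that disallows this reports EISDIR. */
int probe_dir_read(const char *path)
{
    char buf[512];
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return errno;
    ssize_t n = read(fd, buf, sizeof buf);
    int err = (n < 0) ? errno : 0;
    close(fd);
    return err;
}

/* Supported way to enumerate a directory: readdir(3).
 * Counts entries other than "." and ".."; returns -1 on error. */
long count_entries(const char *path)
{
    DIR *d = opendir(path);
    if (d == NULL)
        return -1;
    long n = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        if (strcmp(e->d_name, ".") != 0 && strcmp(e->d_name, "..") != 0)
            n++;
    }
    closedir(d);
    return n;
}

int main(void)
{
    int err = probe_dir_read(".");
    printf("read(2) on \".\": %s\n", err ? strerror(err) : "allowed");
    printf("readdir(3) entries in \".\": %ld\n", count_entries("."));
    return 0;
}
```

Tools that still call read(2) on directories can use the probe result to decide whether to fall back to readdir(3) or to report that the knob is off.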