Date: Thu, 7 Nov 2019 19:07:20 +0100 From: Jan Behrens <jbe-mlist@magnetkern.de> To: freebsd-fs@freebsd.org Subject: Re: ZFS snapdir readability (Crosspost) Message-ID: <20191107190720.8ed2e1016b02c14ef5071adf@magnetkern.de> In-Reply-To: <e2eecef7-21b6-0ff2-b259-71421b7d097c@sentex.net> References: <20191107004635.c6d2e7d464d3d556a0d87465@magnetkern.de> <CAOtMX2huHZcXHH%2B=3Bx7hX_p9udJ2acOX%2BZL8vW=pjqbe6mOAA@mail.gmail.com> <e2eecef7-21b6-0ff2-b259-71421b7d097c@sentex.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 7 Nov 2019 09:54:11 -0500 mike tancsa <mike@sentex.net> wrote: > [...] I think I recall > ZoL adding this as a feature back when I ran into this issue via zfs > allow / unallow ? Or at least I think I saw discussion about it. > > https://github.com/zfsonlinux/zfs/issues/3963 > > ---Mike I'm happy that apparently some other people share my worries, like "jelinekr" commented already on Oct 27, 2015 on that ticket: "We need this for security reasons in cases where a too permissive dirent entry gets fixed, the vulnerability is still present and accessible in older snapshots." The ticket is marked as closed, but this seems to be a mistake. I found out about the "snapdir" property for "zfs allow" a while ago. Using "zfs allow <username> snapdir <filesystem>", however, does *not* grant access to access the .zfs directory, and "zfs unallow <username> snapdir <filesystem>" does not revoke reading privileges. Instead, "zfs allow" can be used to grant non-privileged users the right to set the snapdir property to "visible" or "hidden" as follows: root # zfs allow bob snapdir zroot/usr/home root # su bob bob % zfs set snapdir=visible zroot/usr/home bob % zfs set snapdir=hidden zroot/usr/home bob % exit root # zfs unallow bob snapdir zroot/usr/home root # su bob bob % zfs set snapdir=visible zroot/usr/home cannot set property for 'zroot': permission denied bob % cat /usr/home/.zfs/snapshot/2010-10-27/alice/.ssh/id_rsa -----BEGIN OPENSSH PRIVATE KEY----- ... I assume that there was a misunderstanding when closing the ticket referenced above, since implementing "zfs allow" does not fix the issue (unless Linux' "zfs allow" works differently than FreeBSD's). See also comment by wl2018 on Feb 1, 2018 on https://github.com/zfsonlinux/zfs/issues/3963 Regards, Jan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20191107190720.8ed2e1016b02c14ef5071adf>