https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293001
Bug ID: 293001
Summary: Granting the privilege to read(2) directories to
non-root users
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: [email protected]
Reporter: [email protected]
As demonstrated in bug #275099, as least in case of FUSE, direct read(2)ing of
directories can sometimes be useful; a FUSE-based file system implementation
may actually provide useful data for read(2)ing from a directory node.
In current kernel, the ability ro read(2) directories is reserved for processes
with PRIV_VFS_READ_DIR privilege, even when security.bsd.allow_read_dir is set
to 1.
I want to propose a few ideas to deal with this situation:
* Allow unprivileged users to read(2) directories if
security.bsd.allow_read_dir is set to 2 or higher.
* Make an exception for fusefs(4) so unprivileged users may read(2)
directories in fusefs(4), as long as security.bsd.allow_read_dir said so.
* Introduce a KLD module to great selected or all users the PRIV_VFS_READ_DIR
privilege.
--
You are receiving this mail because:
You are the assignee for the bug.
