aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKyle Evans <kevans@FreeBSD.org>2020-06-04 18:19:16 +0000
committerKyle Evans <kevans@FreeBSD.org>2020-06-04 18:19:16 +0000
commit9b16365fcafd1a4b8af43ea1ec6f22ae031e15ee (patch)
tree8419f0e39e018b4655655c85d7668aafc65703cd
parent63619b6dba17f90514355706cea0f825d131d5e4 (diff)
downloadsrc-9b16365fcafd1a4b8af43ea1ec6f22ae031e15ee.tar.gz
src-9b16365fcafd1a4b8af43ea1ec6f22ae031e15ee.zip
RELNOTES and UPDATING: Document the new policy on read(2) of dirfd
These changes have been completely flushed as of r361799; note it.
Notes
Notes: svn path=/head/; revision=361800
-rw-r--r--RELNOTES13
-rw-r--r--UPDATING12
2 files changed, 23 insertions, 2 deletions
diff --git a/RELNOTES b/RELNOTES
index d63af65dc30e..8764c7bb53fe 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -10,8 +10,17 @@ newline. Entries should be separated by a newline.
Changes to this file should not be MFCed.
-r361238:
- ZFS will now reject read(2) of a dirfd with EISDIR.
+r361238, r361798, r361799:
+ ZFS will now unconditionally reject read(2) of a directory with EISDIR.
+ Additionally, read(2) of a directory is now rejected with EISDIR by
+ default and may be re-enabled for non-ZFS filesystems that allow it with
+ the sysctl(8) MIB 'security.bsd.allow_read_dir'.
+
+ Aliases for grep to default to '-d skip' may be desired if commonly
+ non-recursively grepping a list that includes directories and the
+ possibility of EISDIR errors in stderr is not tolerable. Example
+ aliases, commented out, have been installed in /root/.cshrc and
+ /root/.shrc.
r361066:
Add exec.prepare and exec.release hooks for jail(8) and jail.conf(5).
diff --git a/UPDATING b/UPDATING
index 6d9e2578fb19..3fb338961057 100644
--- a/UPDATING
+++ b/UPDATING
@@ -26,6 +26,18 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW:
disable the most expensive debugging functionality run
"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
+20200604:
+ read(2) of a directory fd is now rejected by default. root may
+ re-enable it for system root only on non-ZFS filesystems with the
+ security.bsd.allow_read_dir sysctl(8) MIB if
+ security.bsd.suser_enabled=1.
+
+ It may be advised to setup aliases for grep to default to `-d skip` if
+ commonly non-recursively grepping a list that includes directories and
+ the potential for the resulting stderr output is not tolerable. Example
+ aliases are now installed, commented out, in /root/.cshrc and
+ /root/.shrc.
+
20200523:
Clang, llvm, lld, lldb, compiler-rt, libc++, libunwind and openmp have
been upgraded to 10.0.1. Please see the 20141231 entry below for