RELNOTES and UPDATING: Document the new policy on read(2) of dirfd

These changes have been completely flushed as of r361799; note it.
This commit is contained in:
Kyle Evans 2020-06-04 18:19:16 +00:00
parent 63619b6dba
commit 9b16365fca
2 changed files with 23 additions and 2 deletions

View File

@ -10,8 +10,17 @@ newline. Entries should be separated by a newline.
Changes to this file should not be MFCed. Changes to this file should not be MFCed.
r361238: r361238, r361798, r361799:
ZFS will now reject read(2) of a dirfd with EISDIR. ZFS will now unconditionally reject read(2) of a directory with EISDIR.
Additionally, read(2) of a directory is now rejected with EISDIR by
default and may be re-enabled for non-ZFS filesystems that allow it with
the sysctl(8) MIB 'security.bsd.allow_read_dir'.
Aliases for grep to default to '-d skip' may be desired if commonly
non-recursively grepping a list that includes directories and the
possibility of EISDIR errors in stderr is not tolerable. Example
aliases, commented out, have been installed in /root/.cshrc and
/root/.shrc.
r361066: r361066:
Add exec.prepare and exec.release hooks for jail(8) and jail.conf(5). Add exec.prepare and exec.release hooks for jail(8) and jail.conf(5).

View File

@ -26,6 +26,18 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW:
disable the most expensive debugging functionality run disable the most expensive debugging functionality run
"ln -s 'abort:false,junk:false' /etc/malloc.conf".) "ln -s 'abort:false,junk:false' /etc/malloc.conf".)
20200604:
read(2) of a directory fd is now rejected by default. root may
re-enable it for system root only on non-ZFS filesystems with the
security.bsd.allow_read_dir sysctl(8) MIB if
security.bsd.suser_enabled=1.
It may be advised to setup aliases for grep to default to `-d skip` if
commonly non-recursively grepping a list that includes directories and
the potential for the resulting stderr output is not tolerable. Example
aliases are now installed, commented out, in /root/.cshrc and
/root/.shrc.
20200523: 20200523:
Clang, llvm, lld, lldb, compiler-rt, libc++, libunwind and openmp have Clang, llvm, lld, lldb, compiler-rt, libc++, libunwind and openmp have
been upgraded to 10.0.1. Please see the 20141231 entry below for been upgraded to 10.0.1. Please see the 20141231 entry below for