From nobody Wed Apr 02 23:54:06 2025 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZShY63tCxz5s6Dd for ; Wed, 02 Apr 2025 23:54:18 +0000 (UTC) (envelope-from rick.macklem@gmail.com) Received: from mail-ed1-x52a.google.com (mail-ed1-x52a.google.com [IPv6:2a00:1450:4864:20::52a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ZShY60qPFz48c4 for ; Wed, 02 Apr 2025 23:54:18 +0000 (UTC) (envelope-from rick.macklem@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20230601 header.b=dDUzgJfu; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of rick.macklem@gmail.com designates 2a00:1450:4864:20::52a as permitted sender) smtp.mailfrom=rick.macklem@gmail.com Received: by mail-ed1-x52a.google.com with SMTP id 4fb4d7f45d1cf-5e61d91a087so626224a12.0 for ; Wed, 02 Apr 2025 16:54:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1743638057; x=1744242857; darn=freebsd.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=LgPjTC1sZlVpx+gMNWfZH8aJVJcTpR5yVFDqmmuTt7M=; b=dDUzgJfuq1UqAcb3AHko9iXqOARuEvzFWq+UC2gbkjHH32Iw5VmppoMmTHtxUH6P5z b409ljO9wk9F2T5DupPEIynP8jo8DcWE8HPsd/mqQJd3TSPDhHELc/H0Pqh14ykBbNCz CejEq1TMWLsZgDZwvAV/vOEOB/ZMqWVynsC5RQLQkPHLe17sizoXek3/8FyAGqGWNd+d +8ACAYsx9uZ/mxpXAXZMOaHshOFk8xHwQHwW58bd1jqVRuxFy0kMCfPcJYEtyQ6LkjiJ 0Ku8r+cTRJVguXk7UwGaqFmr0LMOa0PCotSJx6dbohfOw5JRWv8LZVDrldzMomjR3kMW 1XDQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743638057; x=1744242857; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=LgPjTC1sZlVpx+gMNWfZH8aJVJcTpR5yVFDqmmuTt7M=; b=GlVViTkRGfrd1A8SrMSJvY2TDG6a3qcFMOAg9o0ynxfj3jWOH5sRczCGf7aMhYujwh tse/bi+zXPHm0qavXsiHwRV+9eLO7u3ZY3VibbVM6S/MfePQ5zKycZYuf2f8Gerq+oF9 14z/7NXxpv0pdyDMUuLZCkzXRdC2JCKZF/Whpx4aCY6DJ7I0ha2SMkAptgF+1R+j82aO FfbhcbKbTAgsYUNiicNJyEmEgQZZINlU3t/x/YVAObJOIjgxcaFqrst7fAY6hCrCVOjC vMXDM0FHynh121m5CB8TnIxRqc5cQkknM30Gx6lJ4POpw+FAprKaa/kdsOwdZGidsmwd TXsQ== X-Forwarded-Encrypted: i=1; AJvYcCXJGN634UqQF0M4ZmUZEfue8RYpgrna8ZoxLaev956m2QLzLEEh24u1owEJV3N4M/+U1IOoKaCqeKxQVJ+p5ew=@freebsd.org X-Gm-Message-State: AOJu0YzfdYVadJ8sLWT54Otqydi/2BQbNvjlpGFvnBXzeVyh8okR6oMW uH+wTwRsZuSgkhBYYfF2xMk/QBQF4SBK3CbEBZsfPBOWjcUA7Yd+MrVN0cJjE675hiv4fVNZP5Y 2zQN2OvNrxJv7q1UZ0HIcnK6Aeg== X-Gm-Gg: ASbGnctDCSREjj7vOF3+MEdMqPCYWrnZSRFTCyZVUEueggYPhjKKP1ovjbjlGKLR0CH bSkPSi7j06WEdRYkfhvkFNxcbEV68dFBtxvTC0jtWd/JvZakK6L3wl+FmEhL58yhIOAnoQy5Z8i 94xuC6W4tcNiHPMORhNx7JFdcO7ZGjWYadLAg5kIolYpRs8f4oD/X5PLgMveeJLpyOJIAr X-Google-Smtp-Source: AGHT+IFSfT0IwUCP2Dp0bMdGN0vCzOshmJYLcp98WcmChqJVOp0H2JOU4nQkssojMBL5VZ6v037u6ioyV/TXSzYtygA= X-Received: by 2002:a05:6402:2709:b0:5e5:be7f:a1f6 with SMTP id 4fb4d7f45d1cf-5f087154ae9mr301662a12.1.1743638056443; Wed, 02 Apr 2025 16:54:16 -0700 (PDT) List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@FreeBSD.org MIME-Version: 1.0 References: <410014e4-75a6-4923-8f84-3935cab41c31@blastwave.org> <3dso3cojzxnylcfmpmgwzizp4omzpmnbfgz3zt5pvgeur4wss6@kblfkmtssebw> In-Reply-To: From: Rick Macklem Date: Wed, 2 Apr 2025 16:54:06 -0700 X-Gm-Features: AQ5f1Jq1PCtFsAQGB578Nfd4j1gQDRpGzbnT94jlcL_-GlMVhch5VjXP0qJy2Hc Message-ID: Subject: Re: RFC: Solaris style extended attributes for FreeBSD To: Shawn Webb Cc: Dennis Clarke , freebsd-current@freebsd.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spamd-Result: default: False [-3.33 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-0.91)[-0.911]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; NEURAL_HAM_SHORT(-0.42)[-0.420]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36:c]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20230601]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; TAGGED_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; ARC_NA(0.00)[]; TO_DN_SOME(0.00)[]; MIME_TRACE(0.00)[0:+]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; FREEMAIL_FROM(0.00)[gmail.com]; DKIM_TRACE(0.00)[gmail.com:+]; MISSING_XM_UA(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::52a:from]; PREVIOUSLY_DELIVERED(0.00)[freebsd-current@freebsd.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; MID_RHS_MATCH_FROMTLD(0.00)[]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; MLMMJ_DEST(0.00)[freebsd-current@freebsd.org]; RCVD_COUNT_ONE(0.00)[1]; FREEMAIL_ENVFROM(0.00)[gmail.com] X-Rspamd-Queue-Id: 4ZShY60qPFz48c4 X-Spamd-Bar: --- On Wed, Apr 2, 2025 at 2:26=E2=80=AFPM Rick Macklem wrote: > > On Tue, Apr 1, 2025 at 4:08=E2=80=AFPM Rick Macklem wrote: > > > > On Sat, Mar 29, 2025 at 1:22=E2=80=AFPM Rick Macklem wrote: > > > > > > On Sat, Mar 29, 2025 at 1:09=E2=80=AFPM Shawn Webb wrote: > > > > > > > > On Sat, Mar 29, 2025 at 01:04:08PM -0700, Rick Macklem wrote: > > > > > On Sat, Mar 29, 2025 at 12:50=E2=80=AFPM Shawn Webb wrote: > > > > > > > > > > > > On Sat, Mar 29, 2025 at 12:39:02PM -0700, Rick Macklem wrote: > > > > > > > > I had added filesystem extended attribute support to libarc= hive, which > > > > > > > > is what FreeBSD's tar(1) is based off of. I upstreamed that= , so that's > > > > > > > > taken care of. FreeBSD's tar(1) has supported extended attr= ibutes > > > > > > > > since 2020 (see libarchive PR 1409: > > > > > > > > https://github.com/libarchive/libarchive/pull/1409) > > > > > > > Ok, thanks for the info. If this stuff goes into FreeBSD, it = probably needs > > > > > > > to be tweaked to use the different syscall API so that it can= handle large > > > > > > > attributes and maybe the attribute's mode. (someday, maybe?) > > > > > > > > > > > > I believe libarchive has been updated in FreeBSD since October = 2020, > > > > > > so the vendored libarchive in FreeBSD should already support it= . But, > > > > > > yeah, if FreeBSD makes changes to how extended attributes work,= I or > > > > > > someone else would need to update libarchive to account for tha= t. > > > > > > > > > > > > Since HardenedBSD follows FreeBSD closely (we sync every six ho= urs), I > > > > > > would probably volunteer to update the libarchive code. > > > > > > > > > > > > > > Just one data point here: HardenedBSD uses filesystem exten= ded > > > > > > > > attributes to toggle certain exploit mitigations on a per-a= pplication > > > > > > > > basis. That's why we added support to libarchive: so we can= ship > > > > > > > > certain packages with exploit mitigations pre-toggled. > > > > > > > Just curious. Does it use "system" or "user" attribute space? > > > > > > > > > > > > We use the system namespace, though the userland tool (hbsdcont= rol) > > > > > > was recently taught about the user namespace. The kernel side o= nly > > > > > > supports system namespace. So the user namespace support in > > > > > > hbsdcontrol is somewhat meaningless. I do plan to eventually ge= t to > > > > > > the kernel side, but my TODO list continues growing. :-) > > > > > Ok, this wouldn't be affected by the patches I've been doing, sin= ce they > > > > > handle user space only. (system space will still work, but only v= ia the > > > > > extattr_XXX() APIs. > > > > > > > > Cool. I have another project that uses user namespaces: > > > > https://git.hardenedbsd.org/shawn.webb/altfs > > > > > > > > AltFS is a fusefs driver that stores file payload in filesystem > > > > extended attributes, using the user namespace. It only partially wo= rks > > > > and again is bitten by more important items on my TODO list. It mai= nly > > > > serves as a proof-of-concept for a weird data exfiltration techniqu= e. > > > > Not at all meant for actual production use. > > > > > > > > Do you already have a patch for review in Phabric? I might want to = add > > > > myself to it so I can more easily keep informed. > > > Not yet. I am still cleaning things up and testing. > > I have put the VFS/syscall changes up in phabricator under D49583. > > I listed a few reviewers, but anyone is welcome to review/comment on it= . > I have just committed this to main as 2ec2ba7e232d. However, there is a v= ery > slight difference (definition of some flags) from the test patches. > I will update the test patches as soon as kib@ commits his struct stat pa= tch > in D49651. This shouldn't take long. Thanks go to kib@ for reviewing this= . > > After that there will two patches to be applied on top of a current > main kernel src. > https://people.freebsd.org/~rmacklem/zfs-xattr.patch > https://people.freebsd.org/~rmacklem/nfs-xattr.patch > > I will put the ZFS patch up on phabricator soon, as a first step towards = getting > it pulled into openzfs. The ZFS patch is now on phabricator in D49654. I listed Alexander and Andre= w as reviewers, but anyone should feel free to review it. Thanks for your comments sofar, rick > > rick > > > > > rick > > > > > Also, there ahs not been much response related to the question "shoul= d this > > > go in FreeBSD?". Dennis doesn't sounds like a "no" and the two poster= s on > > > freebsd-hackers@ I assume are a"yes", but I haven't heard from anyone= else. > > > (Good technical comments, but not related to "should it be in FreeBSD= ?".) > > > > > > rick > > > > > > > > > > > Thanks, > > > > > > > > -- > > > > Shawn Webb > > > > Cofounder / Security Engineer > > > > HardenedBSD > > > > > > > > Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50 > > > > https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_= Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc