[Bug 265625] .zfs/snapshot directory is always readable (also by non-privileged users)

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 04 Aug 2022 09:22:18 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=265625

            Bug ID: 265625
           Summary: .zfs/snapshot directory is always readable (also by
                    non-privileged users)
           Product: Base System
           Version: 13.1-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: jbe@magnetkern.de

The .zfs/snapshot directory of ZFS filesystems is always readable, also by
non-privileged users. Since it is impossible to change ownership or file modes
in a snapshot (it is read-only), this can be a security issue (only way to fix
a misconfiguration is to destroy all snapshots).

Moreover, the behavior may be unexpected to users since the .zfs directory is
hidden by default (but readable!).

There doesn't seem to be any way to disable access to snapshots (not even
globally for everyone). The only workaround I know is to use mount_nullfs to
shadow the directory. But that doesn't seem to be a clean solution and is
error-prone.

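The exposure described in the report can be audited by comparing a snapshot tree with the live dataset. The following is an added example, not part of the bug report or of FreeBSD: it lists entries that are still world-readable in a snapshot although the live tree has since tightened or removed them. The function names and the constructed sample trees are assumptions; on a real system `snap_root` would be a directory under `.zfs/snapshot/`.

```python
import os
import stat
import tempfile


def snapshot_exposures(live_root, snap_root):
    """List entries that 'other' can still read in the snapshot tree although
    the live tree has since tightened or removed them."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(snap_root):
        for name in dirnames + filenames:
            snap_path = os.path.join(dirpath, name)
            st = os.lstat(snap_path)
            if stat.S_ISLNK(st.st_mode) or not st.st_mode & stat.S_IROTH:
                continue  # skip symlinks and entries that are not world-readable
            rel = os.path.relpath(snap_path, snap_root)
            try:
                live = os.lstat(os.path.join(live_root, rel))
            except (FileNotFoundError, NotADirectoryError):
                findings.append((rel, "removed from live tree"))
                continue
            if not live.st_mode & stat.S_IROTH:
                findings.append((rel, "mode tightened in live tree"))
    return sorted(findings)


def _write(path, mode):
    with open(path, "w") as fh:
        fh.write("constructed sample data\n")
    os.chmod(path, mode)  # explicit chmod so the umask does not matter


def demo():
    """Build two constructed directory trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        live, snap = os.path.join(tmp, "live"), os.path.join(tmp, "snap")
        os.mkdir(live)
        os.mkdir(snap)  # stands in for <mountpoint>/.zfs/snapshot/<name>
        _write(os.path.join(snap, "secret.key"), 0o644)  # taken while misconfigured
        _write(os.path.join(live, "secret.key"), 0o600)  # fixed afterwards
        _write(os.path.join(snap, "old.db"), 0o644)      # later deleted from live
        _write(os.path.join(snap, "public.txt"), 0o644)
        _write(os.path.join(live, "public.txt"), 0o644)
        return snapshot_exposures(live, snap)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

Directories are checked as well as files, so a parent directory that was locked down after the snapshot was taken is reported once at the directory level.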