Page MenuHomeFreeBSD

bhyveload(8): document some SECURITY CONSIDERATIONS
ClosedPublic

Authored by kevans on Jan 4 2024, 2:23 AM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Nov 7, 7:52 PM
Unknown Object (File)
Wed, Oct 23, 7:20 PM
Unknown Object (File)
Wed, Oct 23, 7:20 PM
Unknown Object (File)
Wed, Oct 23, 7:19 PM
Unknown Object (File)
Wed, Oct 23, 7:19 PM
Unknown Object (File)
Wed, Oct 23, 6:35 PM
Unknown Object (File)
Sep 25 2024, 12:16 AM
Unknown Object (File)
Sep 22 2024, 12:14 AM

Details

Summary

The situation is improved now that we're running in a sandbox, but there
is still some host machine access that could be concerning depending on
the context. These concerns may be somewhat mitigated by the fact that
the host machine usually provides the loader binary, even when the guest
image is providing the loader scripts -- they only bring the lua
scripts, and they have to be able to execute arbitrary syscalls rather
than the interfaces provided by libsa(3).

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kevans requested review of this revision.Jan 4 2024, 2:23 AM
markj added inline comments.
usr.sbin/bhyveload/bhyveload.8
179

I'm not sure I'd include the version number: it'll need to be updated when we backport the changes and release, e.g., 13.3.

199
205

This access is read-only, right? Is it worth clarifying that?

usr.sbin/bhyveload/bhyveload.8
205
kevans marked 2 inline comments as done.

Address review commentary; access to the currently opened directories isn't
currently restricted to read-only, but restricting the rights(4) a bit will get
us where we want to be.. we'll land that before this.

This revision is now accepted and ready to land.Jan 11 2024, 4:23 PM
jhb added a subscriber: jhb.
jhb added inline comments.
usr.sbin/bhyveload/bhyveload.8
192

I suspect this might be confusing to some non-native readers.

usr.sbin/bhyveload/bhyveload.8
192

I'll fold that in, thanks. Do you think it'd be worth drawing the connection more explicitly with the -c option?

... and the chosen
.Fl c
console.

Or perhaps a more concise

... and the chosen
.Ar cons-dev .