Page MenuHomeFreeBSD
Differential D43299

bhyveload(8): document some SECURITY CONSIDERATIONS
ClosedPublic
Actions

Authored by kevans on Jan 4 2024, 2:23 AM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Oct 23, 7:20 PM
Unknown Object (File)
Wed, Oct 23, 7:20 PM
Unknown Object (File)
Wed, Oct 23, 7:19 PM
Unknown Object (File)
Wed, Oct 23, 7:19 PM
Unknown Object (File)
Wed, Oct 23, 6:35 PM
Unknown Object (File)
Sep 25 2024, 12:16 AM
Unknown Object (File)
Sep 22 2024, 12:14 AM
Unknown Object (File)
Sep 21 2024, 9:37 PM
View All 36 Files
Subscribers
bcran
imp
jhb
jonathan
markj
rgrimes

Details

Reviewers
markj
jhb
Group Reviewers
bhyve
Commits
rG5df041c4bbf7: bhyveload(8): document some SECURITY CONSIDERATIONS
Summary

The situation is improved now that we're running in a sandbox, but there
is still some host machine access that could be concerning depending on
the context. These concerns may be somewhat mitigated by the fact that
the host machine usually provides the loader binary, even when the guest
image is providing the loader scripts -- they only bring the lua
scripts, and they have to be able to execute arbitrary syscalls rather
than the interfaces provided by libsa(3).

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kevans created this revision.Jan 4 2024, 2:23 AM
Herald added subscribers: bcran, jonathan, rgrimes, imp. · View Herald TranscriptJan 4 2024, 2:23 AM
kevans requested review of this revision.Jan 4 2024, 2:23 AM
Harbormaster completed remote builds in B55230: Diff 132239.Jan 4 2024, 2:23 AM
kevans added a child revision: D43300: bhyveload: support guest rebooting from the loader.Jan 4 2024, 2:23 AM
markj added a subscriber: markj.Jan 4 2024, 2:09 PM
markj added inline comments.
usr.sbin/bhyveload/bhyveload.8
179

I'm not sure I'd include the version number: it'll need to be updated when we backport the changes and release, e.g., 13.3.

199
205

This access is read-only, right? Is it worth clarifying that?

kevans added inline comments.Jan 4 2024, 3:54 PM
usr.sbin/bhyveload/bhyveload.8
205

whoops

kevans added a parent revision: D43315: bhyveload: limit rights on the dirfds we create.Jan 4 2024, 3:55 PM
kevans updated this revision to Diff 132280.Jan 4 2024, 4:02 PM
kevans marked 2 inline comments as done.

Address review commentary; access to the currently opened directories isn't
currently restricted to read-only, but restricting the rights(4) a bit will get
us where we want to be.. we'll land that before this.

Harbormaster completed remote builds in B55244: Diff 132280.Jan 4 2024, 4:02 PM
kevans marked an inline comment as done.Jan 4 2024, 4:03 PM
markj accepted this revision as: markj.Jan 11 2024, 4:23 PM
This revision is now accepted and ready to land.Jan 11 2024, 4:23 PM
jhb accepted this revision.Jan 11 2024, 7:21 PM
jhb added a subscriber: jhb.
jhb added inline comments.
usr.sbin/bhyveload/bhyveload.8
192

I suspect this might be confusing to some non-native readers.

kevans added inline comments.Jan 11 2024, 8:20 PM
usr.sbin/bhyveload/bhyveload.8
192

I'll fold that in, thanks. Do you think it'd be worth drawing the connection more explicitly with the -c option?

... and the chosen
.Fl c
console.

Or perhaps a more concise

... and the chosen
.Ar cons-dev .
Closed by commit rG5df041c4bbf7: bhyveload(8): document some SECURITY CONSIDERATIONS (authored by kevans). · Explain WhyJan 12 2024, 7:58 PM
This revision was automatically updated to reflect the committed changes.
kevans added a commit: rG5df041c4bbf7: bhyveload(8): document some SECURITY CONSIDERATIONS.

Revision Contents
Changeset List

PathSize
usr.sbin/
bhyveload/
42 lines

Diff 132701

View Options

usr.sbin/bhyveload/bhyveload.8

Loading...