https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=265625
Bug ID: 265625
Summary: .zfs/snapshot directory is always readable (also by
non-privileged users)
Product: Base System
Version: 13.1-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: kern
Assignee: b...@freebsd.org
Reporter: j...@magnetkern.de
The .zfs/snapshot directory of ZFS filesystems is always readable, also by
non-privileged users. Since it is impossible to change ownership or file modes
in a snapshot (it is read-only), this can be a security issue (only way to fix
a misconfiguration is to destroy all snapshots).
Moreover, the behavior may be unexpected to users since the .zfs directory is
hidden by default (but readable!).
There doesn't seem to be any way to disable access to snapshots (not even
globally for everyone). The only workaround I know is to use mount_nullfs to
shadow the directory. But that doesn't seem to be a clean solution and is error
prone.
--
You are receiving this mail because:
You are the assignee for the bug.
