From: André Braga
Date: Wed, 31 May 2006 15:25:37 -0300
To: Alexander Leidinger
Cc: ozawa@ongs.co.jp, dkirhlarov@oilspace.com, freebsd-hackers@freebsd.org, Daichi GOTO, freebsd-listen@fabiankeil.de, freebsd-fs@freebsd.org, freebsd-current@freebsd.org, kris@obsecurity.org, Dag-Erling Smørgrav
Subject: Re: [ANN] unionfs patchset-13 release

On 5/31/06, Alexander Leidinger wrote:
> If everyone is happy with the current patchset (if the man-page is
> still missing, we may agree that it can be delivered at a later time),
> I can try to get time to do it at the weekend (but feel free to beat
> me in committing it).

Hello,

I haven't been able to test whether the new patchset handles the bug I reported to Mr. Daichi Goto but so far haven't received a reply. Perhaps my message got lost somewhere, so I thought it would be a good idea to report this bug again.

I diff'ed -p11 against -p12 (not yet against -p13) but haven't been able to determine myself if this bug got fixed. Too foreign a code for me to understand as I have no background on the inner workings of FreeBSD's VFS, so I can't really tell if the differences were sufficient to fix the bug.

Here's a reprint of my bug report when -p11 was the newest available version.

A post scriptum to the original message: The buggy behaviour won't affect the host system, but the jail could well be compromised. I also have this feeling that ACLs also aren't respected inside jails or can be overwritten as easily as shown below.

Thanks,
André

---------------------- 8< ----------------------

Hi,

Once again, thank you for your patch.

I believe I have found a bug: If a file or directory has non-default flags and this directory is mounted below a target point, the resulting union will not preserve the directory flags.
Worse, it will appear as if the file flags are preserved, but they are not and as soon as a file that should not be modified gets modified, the flags are reset to the default state on the union mount. This could pose a *serious* security breach for people running jails rooted on unionfs mounts, like I intended to.

Test case:
(discrepancies are marked by a line containing "**** NOTICE" and aligned to fixed-length font display)

# cd /tmp
# mkdir -p test/a test/b/bb test/b/cc
# touch test/b/cc/dd
# chflags schg test/b/bb/
# chflags uappnd test/b/cc/dd
# ls -Rlo
total 2
drwxr-xr-x  4 root  wheel  -      512 Apr 29 08:12 test

./test:
total 4
drwxr-xr-x  2 root  wheel  -      512 Apr 29 08:12 a
drwxr-xr-x  4 root  wheel  -      512 Apr 29 08:12 b

./test/a:
total 0

./test/b:
total 4
drwxr-xr-x  2 root  wheel  schg   512 Apr 29 08:12 bb
**** NOTICE 1a             ^^^^ ****
drwxr-xr-x  2 root  wheel  -      512 Apr 29 08:12 cc

./test/b/bb:
total 0

./test/b/cc:
total 0
-rw-r--r--  1 root  wheel  uappnd   0 Apr 29 08:12 dd
**** NOTICE 2a             ^^^^^^ ****
# echo ee >test/b/cc/dd
test/b/cc/dd: Operation not permitted.
# echo ee >> test/b/cc/dd
**** NOTICE: this is the intended behavior for the 'uappnd' flag ****
# cat test/b/cc/dd
ee
#
# mount_unionfs -c transparent -b test/b test/a
# ls -Rlo
total 2
drwxr-xr-x  4 root  wheel  -      512 Apr 29 08:12 test

./test:
total 4
drwxr-xr-x  2 root  wheel  -      512 Apr 29 08:12 a
drwxr-xr-x  4 root  wheel  -      512 Apr 29 08:12 b

./test/a:
total 4
drwxr-xr-x  2 root  wheel  -      512 Apr 29 08:12 bb
**** NOTICE 1b             ^^^ ****
drwxr-xr-x  2 root  wheel  -      512 Apr 29 08:12 cc

./test/a/bb:
total 0

./test/a/cc:
total 2
-rw-r--r--  1 root  wheel  uappnd   3 Apr 29 08:15 dd
**** NOTICE 2b (LOOKS OK)  ^^^^^^ ****

./test/b:
total 4
drwxr-xr-x  2 root  wheel  schg   512 Apr 29 08:12 bb
drwxr-xr-x  2 root  wheel  -      512 Apr 29 08:12 cc

./test/b/bb:
total 0

./test/b/cc:
total 2
-rw-r--r--  1 root  wheel  uappnd   3 Apr 29 08:15 dd
# echo ff > test/a/cc/dd
# cat test/a/cc/dd
ff
**** NOTICE: very wrong behavior for the 'uappnd' flag! ****
# ls -lo test/a/cc/dd
-rw-r--r--  1 root  wheel  -        3 Apr 29 08:20 test/a/cc/dd
**** NOTICE 2c (NO FLAG!)  ^^^ ****
# echo gg >test/b/cc/hh
# chflags schg test/b/cc/hh
# rm test/b/cc/hh
override rw-r--r-- root/wheel schg for test/b/cc/hh? yes
rm: test/b/cc/hh: Operation not permitted
**** NOTICE 3a    ^^^^^^^^^^^^^^^^^^^^^^^ ****
# ls -lo test/a/cc/hh
-rw-r--r--  1 root  wheel  schg     3 Apr 29 08:24 test/a/cc/hh
**** NOTICE 3b             ^^^^ ****
# rm test/a/cc/hh
override rw-r--r-- root/wheel schg for test/a/cc/hh? yes
**** NOTICE 3c (NO ERROR!) ****
# ls -lo test/a/cc/
total 2
-rw-r--r--  1 root  wheel  -        3 Apr 29 08:20 dd
**** NOTICE 3d (the file is gone despite immutable flags seemingly set!) ****

End of test case

It makes no difference to specify '-c traditional'.

I skimmed over the patch code and have noticed no file flags or director[y flags] are indeed [ever] copied to the shadow files. [Edit: spelling]

I'd really appreciate if you could fix that for the patch version 12.

Thank you very much!

André
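
A read-only check for the directory-flag discrepancy in the report above (NOTICE 1a versus 1b), added here as an example and not part of the original message or of the unionfs patchset: it parses a captured `ls -Rlo` listing and prints every entry whose flags column differs between the lower layer and the union view. The names `flag_drift` and `sample_listing` are this example's own, the sample is built from the post-mount listing in the report, and file names are assumed to contain no spaces.

```shell
# Added example (not from the original message): compare the flags column of
# a lower layer and its union view inside one captured `ls -Rlo` listing.

# Constructed sample: the post-mount listing from the report, trimmed to the
# two trees being compared (./test/b is the lower layer, ./test/a the union).
sample_listing() {
cat <<'EOF'
./test/a:
total 4
drwxr-xr-x  2 root  wheel  -      512 Apr 29 08:12 bb
drwxr-xr-x  2 root  wheel  -      512 Apr 29 08:12 cc

./test/a/cc:
total 2
-rw-r--r--  1 root  wheel  uappnd   3 Apr 29 08:15 dd

./test/b:
total 4
drwxr-xr-x  2 root  wheel  schg   512 Apr 29 08:12 bb
drwxr-xr-x  2 root  wheel  -      512 Apr 29 08:12 cc

./test/b/cc:
total 2
-rw-r--r--  1 root  wheel  uappnd   3 Apr 29 08:15 dd
EOF
}

# flag_drift LOWER UNION   (reads `ls -Rlo` output on stdin)
# Prints "<relative path> lower=<flags> union=<flags>" for each mismatch.
# Assumption: file names contain no spaces, so the name is the last field.
flag_drift() {
    awk -v lower="$1" -v union="$2" '
    /^\.?\/.*:$/ { dir = substr($0, 1, length($0) - 1); next }  # "./dir:" header
    NF < 10 || $1 !~ /^[-dlbcps]/ { next }                      # "total N", blanks
    {
        path = dir "/" $NF                                      # $5 is the flags column
        if (index(path, lower "/") == 1) {
            rel = substr(path, length(lower) + 2); lo[rel] = $5
        } else if (index(path, union "/") == 1) {
            rel = substr(path, length(union) + 2); un[rel] = $5
        }
    }
    END {
        for (rel in lo)
            if ((rel in un) && lo[rel] != un[rel])
                printf "%s lower=%s union=%s\n", rel, lo[rel], un[rel]
    }' | sort
}
```

On the sample this reports only `bb`; `cc/dd` still lists `uappnd` on the union, which is the case the report describes as appearing preserved while not being enforced, so a listing comparison does not cover it.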