From owner-freebsd-doc@FreeBSD.ORG Mon May 2 12:00:27 2005 Return-Path: Delivered-To: freebsd-doc@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E97E616A4F2 for ; Mon, 2 May 2005 12:00:27 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9A82B43D7F for ; Mon, 2 May 2005 12:00:23 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j42C0N4G039939 for ; Mon, 2 May 2005 12:00:23 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j42C0NXq039932; Mon, 2 May 2005 12:00:23 GMT (envelope-from gnats) Resent-Date: Mon, 2 May 2005 12:00:23 GMT Resent-Message-Id: <200505021200.j42C0NXq039932@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-doc@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Bernd Luevelsmeyer Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 635CB16A4CE for ; Mon, 2 May 2005 11:54:06 +0000 (GMT) Received: from christel.heitec.net (christel.heitec.net [62.206.253.11]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1610543D53 for ; Mon, 2 May 2005 11:54:06 +0000 (GMT) (envelope-from bernd@heitec.net) Received: from tostan.admin.er.heitec.net (paladin.heitec.net [62.206.253.14]) by christel.heitec.net (Postfix) with ESMTP id A004FA8939 for ; Mon, 2 May 2005 12:50:14 +0200 (CEST) Received: (from root@localhost)j42AoEvm017194; Mon, 2 May 2005 12:50:14 +0200 (CEST) (envelope-from bernd) Message-Id: <200505021050.j42AoEvm017194@tostan.admin.er.heitec.net> Date: Mon, 2 May 2005 12:50:14 +0200 (CEST) From: Bernd Luevelsmeyer To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: docs/80535: Contrary to handbook, filesystem snapshots do not have the schg flag. X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Bernd Luevelsmeyer List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 May 2005 12:00:28 -0000 >Number: 80535 >Category: docs >Synopsis: Contrary to handbook, filesystem snapshots do not have the schg flag. >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-doc >State: open >Quarter: >Keywords: >Date-Required: >Class: doc-bug >Submitter-Id: current-users >Arrival-Date: Mon May 02 12:00:23 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Bernd Luevelsmeyer >Release: FreeBSD 5.4-STABLE i386 >Organization: >Environment: System: FreeBSD 5.4-STABLE >Description: The handbook tells: "During initial creation, the schg flag (see the chflags(1) manual page) is set to ensure that even root cannot write to the snapshot." This is not true, the schg flag is not set. Since the schg flag is a security-instrument, I consider this to be a "serious" bug. >How-To-Repeat: mksnap_ffs /usr /usr/snap find /usr -flags schg | grep snap (the snapshot file is not output) >Fix: Delete the quotet sentence from the handbook. >Release-Note: >Audit-Trail: >Unformatted: