Date: Mon, 2 May 2005 12:50:14 +0200 (CEST) From: Bernd Luevelsmeyer <bernd@heitec.net> To: FreeBSD-gnats-submit@FreeBSD.org Subject: docs/80535: Contrary to handbook, filesystem snapshots do not have the schg flag. Message-ID: <200505021050.j42AoEvm017194@tostan.admin.er.heitec.net> Resent-Message-ID: <200505021200.j42C0NXq039932@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 80535
>Category: docs
>Synopsis: Contrary to handbook, filesystem snapshots do not have the schg flag.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: doc-bug
>Submitter-Id: current-users
>Arrival-Date: Mon May 02 12:00:23 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Bernd Luevelsmeyer
>Release: FreeBSD 5.4-STABLE i386
>Organization:
>Environment:
System: FreeBSD 5.4-STABLE
>Description:
The handbook tells:
"During initial creation, the schg flag (see the chflags(1) manual page)
is set to ensure that even root cannot write to the snapshot."
This is not true, the schg flag is not set. Since the schg flag is
a security-instrument, I consider this to be a "serious" bug.
>How-To-Repeat:
mksnap_ffs /usr /usr/snap
find /usr -flags schg | grep snap
(the snapshot file is not output)
>Fix:
Delete the quotet sentence from the handbook.
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200505021050.j42AoEvm017194>