Date: Thu, 9 Feb 2006 09:58:48 +0100 (CET)
From: Jan Srzednicki <w@expro.pl>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: mcl@mclhq.com
Subject: bin/93085: support for ACLs (and extattr) missing in dump and restore
Message-ID: <20060209085848.C9FD654818@miranda.expro.pl>
Resent-Message-ID: <200602090900.k1990KYw063276@freefall.freebsd.org>

>Number: 93085
>Category: bin
>Synopsis: support for ACLs (and extattr) missing in dump and restore
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Feb 09 09:00:19 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Jan Srzednicki
>Release: FreeBSD 6.0-STABLE i386
>Organization: expro.pl
>Environment:

FreeBSD 5.4-RELEASE
FreeBSD 6.0-STABLE, cvsupped on January the 31st

>Description:

ACLs are a very useful tool in constructing a more advanced security model
of a given machine. But, as it appears, FreeBSD basic backup utilities, as
is stated in the handbook:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/backup-basics.html

dump and restore that is - are missing support for ACLs and other extended
filesystem attributes. CVS log for src/sbin/dump/main.c states that only in
a TODO list. Grepping the source also shows no reference to the relevant
functions (acl_*(3), __acl_*(2) or extattr_*(2)):

    cd /usr/src/sbin && grep -riE '(extattr|acl)' dump restore

Doing some research on the network, I found some notions that explicitly
state that dump and restore HAVE support for ACLs, for example an article
on ONLamp:

http://www.onlamp.com/pub/a/bsd/2003/08/14/freebsd_acls.html

It's also worth noting that tar on 5.4-RELEASE also doesn't support ACLs,
though the man page says it does with the '-p' option. And the pax utility
(/bin/pax) doesn't support ACLs on both FreeBSD versions.

So, there are two issues:

1. No notion of lacking support for ACLs in the handbook or in the man
   pages (dump and restore) or anywhere else. This may open a security
   threat in a system that has been built with an ACL security model and an
   administrator being unaware of his ACL work not being backed up. After
   dump&restore of such a system ACLs are dead and gone.

   Of course, one can write some helper script for dump&restore that would
   find all the ACL-enabled files, store information on them and restore
   them if necessary. But the administrator has to be aware of such a need.
   That's why I have marked this PR as high-priority and serious severity.

2. Lack of support for ACLs in the dump&restore utilities themselves. As
   they're considered basic and recommended backup utilities (at least
   that's what the handbook says), such support is more than needed.
   Scripting for backups is ugly.

>How-To-Repeat:

dump && restore:

1. Dump a partition with some ACLs.
2. Create a new UFS2 partition, 'tunefs -a enable' it, mount it with
   -oacls just to be sure.
3. restore the dumped partition onto a new one.
4. find /newpartition -acl

ACLs are gone.

tar (only on 5.4-RELEASE):

    cd /acl-enabled-partition/tmp-dir
    mkdir foo bar
    touch foo/file
    setfacl -m 'mask::rwx,u:bin:rwx' foo/file
    tar -cvp -f- -C foo file | ( cd bar && tar -xp -f- )
    getfacl bar/file

ACLs are gone.

>Fix:

Fast: Fix the backup entry in the handbook.
Slow: Fix dump and restore.

>Release-Note:
>Audit-Trail:
>Unformatted:
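
The helper-script workaround mentioned in the report, as an added example that is not part of the original PR: it records access ACLs before dump and re-applies them after restore. It assumes FreeBSD's find -acl, getfacl and setfacl -M -, POSIX.1e text output with "# file:" or "#file:" headers, and paths without newlines; save_acls, restore_acls, apply_one and the SETFACL override are names chosen here.

```shell
#!/bin/sh
# Added example (not from the PR): carry access ACLs across dump/restore.
# Assumes FreeBSD find(1) -acl, getfacl(1), setfacl(1) -M -, and paths
# without newlines. Default ACLs on directories are not covered.

# Hypothetical override: SETFACL=echo gives a dry run.
SETFACL=${SETFACL:-setfacl}

# save_acls ROOT OUTFILE: record the ACL of every file under ROOT that has one.
save_acls() {
    ( cd "$1" && find . -acl -exec getfacl {} + ) > "$2"
}

# apply_one PATH ENTRIES: merge ENTRIES (one per line) into PATH's ACL.
# Files that did not come back from the restore are reported, not skipped silently.
apply_one() {
    [ -n "$1" ] && [ -n "$2" ] || return 0
    if [ -e "$1" ]; then
        printf '%s' "$2" | $SETFACL -M - "$1" || echo "failed: $1" >&2
    else
        echo "missing after restore: $1" >&2
    fi
}

# restore_acls ROOT ACLFILE: re-apply a listing written by save_acls.
restore_acls() {
    (
        cd "$1" || exit 1
        path= entries=
        while IFS= read -r line; do
            case $line in
                '# file: '*) apply_one "$path" "$entries"
                             path=${line#'# file: '}; entries= ;;
                '#file:'*)   apply_one "$path" "$entries"
                             path=${line#'#file:'}; entries= ;;
                '#'*|'')     ;;  # owner/group comments and blank separators
                *)           entries="$entries$line
" ;;
            esac
        done
        apply_one "$path" "$entries"   # flush the last file in the listing
    ) < "$2"
}

# Usage: save_acls /mnt/src /var/backups/acls.txt   (before dump)
#        restore_acls /mnt/new /var/backups/acls.txt (after restore)
```

Keep the ACL listing alongside the dump and protect it the same way, since it describes who is allowed to access what on the restored filesystem.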