misc/101660: Restore does not preserve uid and gid on short symlinks

Spencer Minear minear at securecomputing.com
Tue Aug 8 14:50:24 UTC 2006 

>Number:         101660
>Category:       misc
>Synopsis:       Restore does not preserve uid and gid on short symlinks
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 08 14:50:13 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Spencer Minear
>Release:        6.0
>Organization:
Securecomputing Corp.
>Environment:
Running on our SecureOS variant of 6.0
>Description:
The problem appears to come from the fact that short link information is stored in the inode (header data in the case of a restore file), and for longer links the link information is stored in the data.

In the tape.c:extract_file function is called to store a short link the static variable, curfile, contains information about the link being restored.  Many of the attributes are extracted from curfile at the entry to the function.  Later in the case IFLNK processing a call is made to getfile to obtain the data with the link value.  (NOTE:  I have not studied the workings of getfile so I'm conjecturing based on observation with gdb).  When a short link is being processed the is no data to read.  In this case getfile appears to read in the next file header in the restore file/stream and save the results in the curfile static variable.  The processing then proceeds to build the symbolic link and then set it attibutes.  All but two of the attributes are taken from data taht was carefully set asside on entry to the function.  Those last two attributes,  user id and group id, are read from the current file varible and are NOT necessarily the correct values.  Note the before and aft
 er lists below.

Before Dump

alpha:Admn {76} % ls -l
total 4
-r-xr-xr-x  1 a    user   0 Aug  7 16:44 F
lrwxr-xr-x  1 a    bin    1 Aug  8 08:46 FL -> F
lrwxr-xr-x  1 b    bin    1 Aug  8 08:49 ThelongwaytogettoFishere -> F
-rw-r--r--  1 bin  bin   54 Aug  7 07:34 fwregisterd.conf
-rw-r--r--  1 bin  bin   54 Aug  7 07:34 fwregisterd.conf.bak

After restore

alpha:Admn {66} % ls -l
total 4
-r-xr-xr-x  1 a    user   0 Aug  7 16:44 F
lrwxr-xr-x  1 bin  bin    1 Aug  8 08:46 FL -> F
lrwxr-xr-x  1 a    user   1 Aug  8 08:49 ThelongwaytogettoFishere -> F
-rw-r--r--  1 bin  bin   54 Aug  7 07:34 fwregisterd.conf
-rw-r--r--  1 bin  bin   54 Aug  7 07:34 fwregisterd.conf.bak

>How-To-Repeat:
Set up a directory near the root of the file system, a file with a short name, a link with a short name and link with a long name and a few other files.

Build the links using different identities so that the group owener are different.

Do a dump of the containing file system, then wipe out the directory and restor.

It is likely that the attributes on the short link will change to those of another file or link in the directory.

>Fix:
I believe that the fix for the problem is to simply save all of the relvant attributes on entry to the function and do not ever use attributes from curfile once the likes of getfile is called.
>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list