bin/93085: support for ACLs (and extattr) missing in dump and restore
Jan Srzednicki
w at expro.pl
Thu Feb 9 01:00:31 PST 2006
>Number: 93085
>Category: bin
>Synopsis: support for ACLs (and extattr) missing in dump and restore
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Feb 09 09:00:19 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Jan Srzednicki
>Release: FreeBSD 6.0-STABLE i386
>Organization:
expro.pl
>Environment:
FreeBSD 5.4-RELEASE
FreeBSD 6.0-STABLE, cvsupped on January the 31st
>Description:
ACLs are a very useful tool in constructing a more advanced security model of
a given machine. But, as it appears, FreeBSD basic backup utilities, as
is stated in the handbook:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/backup-basics.html
dump and restore that is - are missing support for ACLs and other
extended filesystem attributes. CVS log for src/sbin/dump/main.c states
that only in a TODO list. Grepping the source also shows no reference to
the relevant functions (acl_*(3), __acl_*(2) or extattr_*(2)):
cd /usr/src/sbin && grep -riE '(extattr|acl)' dump restore
Doing some research on the network, I found some notions that explicitly
state that dump and restore HAVE support for ACLs, for example an
article on ONLamp:
http://www.onlamp.com/pub/a/bsd/2003/08/14/freebsd_acls.html
It's also worth noting that tar on 5.4-RELEASE also doesn't support
ACLs, though the man page says it does with the '-p' option. And the pax
utility (/bin/pax) doesn't support ACLs on either FreeBSD version.
So, there are two issues:
1. No notion of lacking support for ACLs in the handbook or in the man
pages (dump and restore) or anywhere else. This may open a security
threat in a system that has been built with an ACL security model and an
administrator being unaware of his ACL work not being backed up. After
dump&restore of such a system ACLs are dead and gone.
Of course, one can write some helper script for dump&restore that would
find all the ACL-enabled files, store information on them and restore
them if necessary. But the administrator has to be aware of such a need.
That's why I have marked this PR as high-priority and serious severity.
2. Lack of support for ACLs in the dump&restore utilities themselves. As
they're considered basic and recommended backup utilities (at least
that's what the handbook says), such support is more than needed.
Scripting for backups is ugly.
>How-To-Repeat:
dump && restore:
1. Dump a partition with some ACLs.
2. Create a new UFS2 partition, 'tunefs -a enable' it, mount it with -oacls
just to be sure.
3. restore the dumped partition onto a new one.
4. find /newpartition -acl
ACLs are gone.
tar (only on 5.4-RELEASE):
cd /acl-enabled-partition/tmp-dir
mkdir foo bar
touch foo/file
setfacl -m 'mask::rwx,u:bin:rwx' foo/file
tar -cvp -f- -C foo file | ( cd bar && tar -xp -f- )
getfacl bar/file
ACLs are gone.
>Fix:
Fast:
Fix the backup entry in the handbook.
Slow:
Fix dump and restore.
>Release-Note:
>Audit-Trail:
>Unformatted:
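Added example, not part of the original report: one way to write the helper mentioned under issue 1. It compares getfacl output saved before the dump with output taken after the restore and builds the setfacl calls for the entries that went missing. The manifests are assumed to be concatenated getfacl output with paths relative to the filesystem root; the function names and sample text are constructed for illustration.

```python
"""Compare getfacl manifests taken before dump and after restore."""

def parse_manifest(text):
    """Map path -> set of ACL entries from concatenated getfacl output."""
    acls, path = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# file:"):
            path = line[len("# file:"):].strip()
            acls[path] = set()
        elif line and not line.startswith("#") and path is not None:
            # Drop any trailing "# effective: ..." comment on an entry.
            acls[path].add(line.split("#", 1)[0].strip())
    return acls

def lost_entries(before, after):
    """Return {path: entries present before the dump, missing after restore}."""
    lost = {}
    for path, entries in before.items():
        # A path absent from the 'after' manifest has lost every entry.
        missing = entries - after.get(path, set())
        if missing:
            lost[path] = missing
    return lost

def setfacl_argv(lost):
    """One argv list per file; no shell is involved, so odd filenames are safe."""
    return [["setfacl", "-m", ",".join(sorted(entries)), path]
            for path, entries in sorted(lost.items())]

# Constructed sample: the file from the tar test case, before and after.
BEFORE = """# file: ./foo/file
# owner: root
# group: wheel
user::rw-
user:bin:rwx
group::r--
mask::rwx
other::r--
"""
AFTER = """# file: ./foo/file
# owner: root
# group: wheel
user::rw-
group::r--
other::r--
"""

if __name__ == "__main__":
    lost = lost_entries(parse_manifest(BEFORE), parse_manifest(AFTER))
    for argv in setfacl_argv(lost):
        print(argv)  # pass each list to subprocess.run() from the restored root
```

A non-empty result from lost_entries() after a test restore is the signal that the backup path in use does not carry ACLs.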