bin/93085: support for ACLs (and extattr) missing in dump and restore

Jan Srzednicki w at expro.pl
Thu Feb 9 01:00:31 PST 2006


>Number:         93085
>Category:       bin
>Synopsis:       support for ACLs (and extattr) missing in dump and restore
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 09 09:00:19 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Jan Srzednicki
>Release:        FreeBSD 6.0-STABLE i386
>Organization:
expro.pl
>Environment:

FreeBSD 5.4-RELEASE
FreeBSD 6.0-STABLE, cvsupped on January the 31st
	
>Description:

ACLs are a very useful tool in constructing a more advanced security model of
a given machine. But, as it appears, FreeBSD's basic backup utilities, as
is stated in the handbook:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/backup-basics.html

dump and restore, that is - are missing support for ACLs and other
extended filesystem attributes. The CVS log for src/sbin/dump/main.c states
that only in a TODO list. Grepping the source also shows no reference to
the relevant functions (acl_*(3), __acl_*(2) or extattr_*(2)):

cd /usr/src/sbin && grep -riE '(extattr|acl)' dump restore

Doing some research on the network, I found some mentions that explicitly
state that dump and restore HAVE support for ACLs, for example an
article on ONLamp:

http://www.onlamp.com/pub/a/bsd/2003/08/14/freebsd_acls.html

It's also worth noting that tar on 5.4-RELEASE also doesn't support
ACLs, though the man page says it does with the '-p' option. And the pax
utility (/bin/pax) doesn't support ACLs on either FreeBSD version.

So, there are two issues:

1. No mention of the lacking support for ACLs in the handbook or in the man
pages (dump and restore) or anywhere else. This may open a security
threat in a system that has been built with an ACL security model, with an
administrator being unaware of his ACL work not being backed up. After
dump&restore of such a system, ACLs are dead and gone.

Of course, one can write some helper script for dump&restore that would
find all the ACL-enabled files, store information on them and restore
them if necessary. But the administrator has to be aware of such a need.
That's why I have marked this PR as high-priority and serious severity.

2. Lack of support for ACLs in the dump&restore utilities themselves. As
they're considered basic and recommended backup utilities (at least
that's what the handbook says), such support is more than needed.
Scripting for backups is ugly.

	
>How-To-Repeat:

dump && restore:

1. Dump a partition with some ACLs.
2. Create a new UFS2 partition, 'tunefs -a enable' it, mount it with -oacls
   just to be sure.
3. restore the dumped partition onto a new one.
4. find /newpartition -acl

ACLs are gone.

tar (only on 5.4-RELEASE):

cd /acl-enabled-partition/tmp-dir
mkdir foo bar
touch foo/file
setfacl -m 'mask::rwx,u:bin:rwx' foo/file
tar -cvp -f- -C foo file | ( cd bar && tar -xp -f- )
getfacl bar/file

ACLs are gone.
	
>Fix:

Fast:

Fix the backup entry in the handbook.

Slow:

Fix dump and restore.
	


>Release-Note:
>Audit-Trail:
>Unformatted:
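
The check behind the helper-script idea in the description (record ACLs before the dump, compare after the restore), as an added example that is not part of the original report. It assumes getfacl output was saved with relative paths on both sides; the function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Inputs are saved getfacl listings taken with relative paths (run from the
# filesystem root) before the dump and after the restore.

# acl_entries LISTING: print "path<TAB>entry" for each extended ACL entry
# (named user, named group, mask). The base user::, group:: and other::
# entries correspond to the ordinary mode bits, so they are skipped.
acl_entries() {
    awk '
        /^# file: / { path = substr($0, 9); next }
        /^(user|group):[^:]+:/ || /^mask:/ { print path "\t" $1 }
    ' "$1" | LC_ALL=C sort
}

# lost_acls BEFORE AFTER: entries present before the dump, absent afterwards.
lost_acls() {
    before=$(mktemp) && after=$(mktemp) || return 1
    acl_entries "$1" > "$before"
    acl_entries "$2" > "$after"
    LC_ALL=C comm -23 "$before" "$after"
    rm -f "$before" "$after"
}

# Constructed sample: foo/file with the ACL from the report, then without it.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/before.txt" <<'EOF'
# file: foo/file
# owner: root
# group: wheel
user::rw-
user:bin:rwx
group::r--
mask::rwx
other::r--
EOF
cat > "$demo/after.txt" <<'EOF'
# file: foo/file
# owner: root
# group: wheel
user::rw-
group::r--
other::r--
EOF

# Any line printed here is an ACL entry that did not survive the restore.
lost_acls "$demo/before.txt" "$demo/after.txt"
```

An empty result means every extended entry recorded before the dump is still present after the restore.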

