misc/68576: UFS2 snapshot files can be mounted read-write and written to

John Kozubik john at kozubik.com
Thu Jul 1 18:21:41 PDT 2004 

>Number:         68576
>Category:       misc
>Synopsis:       UFS2 snapshot files can be mounted read-write and written to
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jul 02 01:20:18 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     John Kozubik
>Release:        FreeBSD 5.2.1-RELEASE
>Organization:
http://www.kozubik.com
>Environment:
FreeBSD kozubik 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Mon Feb 23 20:45:55 GMT 2004     root at wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC  i386 
>Description:
Snapshot files are not to be written to in any circumstance.  After mounting the snapshot as per the snapshot documentation, however, one can successfully run `mount -uw` on the mounted snapshot file, thus mounting it read/write.  One can then write new files to the snapshot file and alter existing files in it.
>How-To-Repeat:
mksnap_ffs / /snap1
mkdir /snapmount
mdconfig -a -t vnode -f /snap1 -u 4
mount -r /dev/md4 /snapmount

So far so good ... now enter the mounted snapshot and attempt to write a
file:

# cd /snapmount/
# touch test
touch: test: Read-only file system
#

This is the expected behavior.  However:

#
# pwd
/snapmount
# mount -uw /snapmount
# touch test
# echo sldkfslk >> /snapmount/test
#
# cat /snapmount/test
sldkfslk
#

This is unexpected.  You can successfully mount the snapshot read/write
and create and write to files in that snapshot.  You can also write to
files that existed in the snapshot prior to mounting it read/write.
>Fix:
A workaround would be to not mount snapshot files read/write.  A more robust workaround would be to add an exception to `mount` that would disallow mounting a snapshot read/write.

This would follow the existing trend of writing exceptions into common commands (`rm` for instance) to deal with the special needs of snapshot files.  I'm not sure if all these exceptions are a good idea, though, especially if more will be needed as time goes on.
>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list