Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 31 May 2006 15:25:37 -0300
From:      "=?ISO-8859-1?Q?Andr=E9_Braga?=" <meianoite@gmail.com>
To:        "Alexander Leidinger" <Alexander@leidinger.net>
Cc:        ozawa@ongs.co.jp, dkirhlarov@oilspace.com, freebsd-hackers@freebsd.org, Daichi GOTO <daichi@freebsd.org>, freebsd-listen@fabiankeil.de, freebsd-fs@freebsd.org, freebsd-current@freebsd.org, kris@obsecurity.org, =?ISO-8859-1?Q?Dag-Erling_Sm=F8rgrav?= <des@des.no>
Subject:   Re: [ANN] unionfs patchset-13 release
Message-ID:  <2ad73a0605311125h7ac8a927t33bbfadf9fe18c33@mail.gmail.com>
In-Reply-To: <20060531133814.acykloyqhkcccg80@netchild.homeip.net>
References:  <E1F5gbI-000Eea-B7@cs1.cs.huji.ac.il> <43E73330.8070101@freebsd.org> <43EB4C00.2030101@freebsd.org> <4417DD8D.3050201@freebsd.org> <4433CA53.5050000@freebsd.org> <444E13BA.8050902@freebsd.org> <4475C119.1020305@freebsd.org> <447C919B.20303@freebsd.org> <86bqteikj4.fsf@xps.des.no> <20060531133814.acykloyqhkcccg80@netchild.homeip.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On 5/31/06, Alexander Leidinger <Alexander@leidinger.net> wrote:
> If everyone is happy with the current patchset (if the man-page is
> still missing, we may agree that it can be delivered at a later time),
> I can try to get time to do it at the weekend (but feel free to beat
> me in committing it).

Hello,
I haven't been able to test whether the new patchset handles the bug I
reported to Mr. Daichi Goto but so far haven't received a reply.
Perhaps my message got lost somewhere, so I thought it would be a good
idea to report this bug again. I diff'ed -p11 against -p12 (not yet
against -p13) but haven't been able to determine myself if this bug
got fixed. To foreign a code for me to understand as I have no
background on the inner workings of FreeBSD's VFS, so I can't realy
tell if the differences were sufficient to fix the bug.

Here's a reprint of my bug report when -p11 was the newest available versio=
n.

A post scriptum to the original message:
The buggy behaviour won't affect the host system, but the jail could
well be compromised. I also have this feeling that ACLs also aren't
respected inside jails or can be overwritten as easily as shown below

Thanks,
Andr=E9

---------------------- 8< ----------------------

Hi,

Once again, thank you for your patch.

I believe I have found a bug:

If a file or directory has non-default flags and this directory is
mounted below a target point, the resulting union will not preserve
the directory flags. Worse, it will appear as if the file flags are
preserved, but they are not and as soon as a file that should not be
modified gets modified, the flags are reset to the default state on
the union mount. This could pose a *serious* security breach for
people running jails rooted on unionfs mounts, like I intended to.

Test case:
(discrepancies are marked by a line containing "**** NOTICE" and
aligned to fixed-length font display)

# cd /tmp
# mkdir -p test/a test/b/bb test/b/cc
# touch test/b/cc/dd
# chflags schg test/b/bb/
# chflags uappnd test/b/cc/dd
# ls -Rlo
total 2
drwxr-xr-x  4 root  wheel  - 512 Apr 29 08:12 test

./test:
total 4
drwxr-xr-x  2 root  wheel  - 512 Apr 29 08:12 a
drwxr-xr-x  4 root  wheel  - 512 Apr 29 08:12 b

./test/a:
total 0

./test/b:
total 4
drwxr-xr-x  2 root  wheel  schg 512 Apr 29 08:12 bb
**** NOTICE 1a             ^^^^    ****
drwxr-xr-x  2 root  wheel  -    512 Apr 29 08:12 cc

./test/b/bb:
total 0

./test/b/cc:
total 0
-rw-r--r--  1 root  wheel  uappnd 0 Apr 29 08:12 dd
**** NOTICE 2a             ^^^^^^    ****
# echo ee >test/b/cc/dd
test/b/cc/dd: Operation not permitted.
# echo ee >> test/b/cc/dd
**** NOTICE: this is the intended behavior for the 'uappnd' flag ****
# cat test/b/cc/dd
ee
#
# mount_unionfs -c transparent -b test/b test/a
# ls -Rlo
total 2
drwxr-xr-x  4 root  wheel  - 512 Apr 29 08:12 test

./test:
total 4
drwxr-xr-x  2 root  wheel  - 512 Apr 29 08:12 a
drwxr-xr-x  4 root  wheel  - 512 Apr 29 08:12 b

./test/a:
total 4
drwxr-xr-x  2 root  wheel  - 512 Apr 29 08:12 bb
**** NOTICE 1b            ^^^    ****
drwxr-xr-x  2 root  wheel  - 512 Apr 29 08:12 cc

./test/a/bb:
total 0

./test/a/cc:
total 2
-rw-r--r--  1 root  wheel  uappnd 3 Apr 29 08:15 dd
**** NOTICE 2b (LOOKS OK)  ^^^^^^    ****
./test/b:
total 4
drwxr-xr-x  2 root  wheel  schg 512 Apr 29 08:12 bb
drwxr-xr-x  2 root  wheel  -    512 Apr 29 08:12 cc

./test/b/bb:
total 0

./test/b/cc:
total 2
-rw-r--r--  1 root  wheel  uappnd 3 Apr 29 08:15 dd
# echo ff > test/a/cc/dd
# cat test/a/cc/dd
 ff
**** NOTICE: very wrong behavior for the 'uappnd' flag! ****
 # ls -lo test/a/cc/dd
-rw-r--r--  1 root  wheel  - 3 Apr 29 08:20 test/a/cc/dd
**** NOTICE 2c (NO FLAG!) ^^^    ****
# echo gg >test/b/cc/hh
# chflags schg test/b/cc/hh
# rm test/b/cc/hh
override rw-r--r--  root/wheel schg for test/b/cc/hh? yes
rm: test/b/cc/hh: Operation not permitted
**** NOTICE 3a    ^^^^^^^^^^^^^^^^^^^^^^^  ****
# ls -lo test/a/cc/hh
-rw-r--r--  1 root  wheel  schg 3 Apr 29 08:24 test/a/cc/hh
**** NOTICE 3b             ^^^^    ****
# rm test/a/cc/hh
override rw-r--r--  root/wheel schg for test/a/cc/hh? yes
**** NOTICE 3c (NO ERROR!)  ****
# ls -lo test/a/cc/
total 2
-rw-r--r--  1 root  wheel  - 3 Apr 29 08:20 dd
**** NOTICE 3d (the file is gone despite immutable flags seemingly set!)  *=
***

End of test case

It makes no difference to specify '-c tradicional'.

I skimmed over the patch code and have noticed no file flags or
director[y flags] are indeed [ever] copied to the shadow files.
[Edit: spelling]

I'd really appreciate if you could fix that for the patch version 12.

Thank you very much!
Andr=E9



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2ad73a0605311125h7ac8a927t33bbfadf9fe18c33>