From winfried@miranda.expro.pl  Thu Feb  9 08:58:52 2006
Return-Path: <winfried@miranda.expro.pl>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 29BE916A420
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  9 Feb 2006 08:58:52 +0000 (GMT)
	(envelope-from winfried@miranda.expro.pl)
Received: from mailin2.expro.pl (mailin2.expro.pl [193.25.166.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8571C43D45
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  9 Feb 2006 08:58:51 +0000 (GMT)
	(envelope-from winfried@miranda.expro.pl)
Received: from miranda-1.dmz.exprozone ([10.0.16.20] helo=miranda.expro.pl)
	(envelope-sender <winfried@miranda.expro.pl>)
	by mailin2.expro.pl with esmtp (Exim 4.50)
	id 1F77db-0001Z5-6V; Thu, 09 Feb 2006 09:58:51 +0100
Received: by miranda.expro.pl (Postfix, from userid 1001)
	id C9FD654818; Thu,  9 Feb 2006 09:58:48 +0100 (CET)
Message-Id: <20060209085848.C9FD654818@miranda.expro.pl>
Date: Thu,  9 Feb 2006 09:58:48 +0100 (CET)
From: Jan Srzednicki <w@expro.pl>
To: FreeBSD-gnats-submit@freebsd.org
Cc: mcl@mclhq.com
Subject: support for ACLs (and extattr) missing in dump and restore
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         93085
>Category:       bin
>Synopsis:       dump(8): support for ACLs (and extattr) missing in dump(8) and restore(8)
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    mckusick
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 09 09:00:19 GMT 2006
>Closed-Date:    Fri May 23 18:15:16 UTC 2008
>Last-Modified:  Fri May 23 18:15:16 UTC 2008
>Originator:     Jan Srzednicki
>Release:        FreeBSD 6.0-STABLE i386
>Organization:
expro.pl
>Environment:

FreeBSD 5.4-RELEASE
FreeBSD 6.0-STABLE, cvsupped on January the 31th
	
>Description:

ACLs are a very useful tool in constructing more advanced security model of
a given machine. But, as it appears, FreeBSD basic backup utilities, as
is stated in the handbook: 

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/backup-basics.html

dump and restore that is - are missing support for ACLs and other
extended filesystem attributes. CVS log for src/sbin/dump/main.c states
that only in a TODO list. Grepping the source also shows no reference to
the relevant functions (acl_*(3), __acl_*(2) or extattr_*(2)):

cd /usr/src/sbin && grep -riE '(extattr|acl)' dump restore

Doing some research on the network, I found some notions that explicitly
state that dump and restore HAVE support for ACLs, for example an
article on ONLamp:

http://www.onlamp.com/pub/a/bsd/2003/08/14/freebsd_acls.html

It's also worth noting that tar on 5.4-RELEASE also doesn't support
ACLs, though the man page says it does with the '-p' option. And the pax
utility (/bin/pax) doesn't support ACLs on both FreeBSD versions.

So, there are two issues:

1. No notion of lacking support for ACLs in the handbook or in the man
pages (dump and restore) or anywhere else. This may open a security
thread in a system that has been built with ACL security model and an
administrator being unaware of his ACL work not being backuped. After
dump&restore of such a system ACLs are dead and gone.

Of course, one can write some helper script for dump&restore that would
find all the ACL-enabled files, store information on them and restore
them if necessary. But the administrator has to be aware of such a need.
That's why I have marked this PR as high-priority and serious severity.

2. Lack of support for ACLs in the dump&restore utilities itself. As
they're considered basic and recommended backup utilities (at least
that's what the handbook says), such a support is more than needed.
Scripting for backups is ugly.

	
>How-To-Repeat:

dump && restore:

1. Dump a partition with some ACLs.
2. Create a new UFS2 partition, 'tunefs -a enable' it, mount it with -oacls
   just to be sure.
3. restore the dumped partition onto a new one.
4. find /newpartition -acl

ACLs are gone.

tar (only on 5.4-RELEASE):

cd /acl-enabled-partition/tmp-dir
mkdir foo bar
touch foo/file
setfacl -m 'mask::rwx,u:bin:rwx' foo/file
tar -cvp -f- -C foo file | ( cd bar && tar -xp -f- )
getfacl bar/foo/file

ALCs are gone.
	
>Fix:

Fast:

Fix the backup entry in the handbook.

Slow:

Fix dump and restore.
	


>Release-Note:
>Audit-Trail:

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/93085: commit references a PR
Date: Mon, 26 Feb 2007 08:16:07 +0000 (UTC)

 mckusick    2007-02-26 08:15:56 UTC
 
   FreeBSD src repository
 
   Modified files:
     include/protocols    dumprestore.h 
     sbin/restore         restore.h extern.h dirs.c tape.c 
     sbin/dump            dump.h traverse.c 
   Log:
   Update the dump program to save extended attributes. Update
   the restore program to restore all dumped extended attributes.
   
   If the restore is running as root, it will always be able
   to restore all extended attributes. If it is not running
   as root, it makes a best effort to set them. Using the -v
   command line flag or the `verbose' command in interactive
   mode will display all the extended attributes being set on
   files (and at the end on directories) that are being restored.
   It will note any extended attributes that could not be set.
   
   The extended attributes are placed on the dump image immediately
   following each file's data. Older versions of restore can work
   with the newer dump images. Old versions of restore will
   correctly restore the file data and then (silently) skip
   over the extended attribute data and proceed to the next file.
   
   This resolves PR 93085 which will be closed once the code
   has been MFC'ed.
   
   Note that this code will not compile until these header
   files have been updated: <protocols/dumprestore.h> and
   <sys/extattr.h>.
   
   PR:             bin/93085
   Comments from:  Poul-Henning Kamp and Robert Watson
   MFC after:      3 weeks
   
   Revision  Changes    Path
   1.11      +2 -1      src/include/protocols/dumprestore.h
   1.28      +0 -2      src/sbin/dump/dump.h
   1.38      +166 -18   src/sbin/dump/traverse.c
   1.31      +54 -12    src/sbin/restore/dirs.c
   1.11      +3 -1      src/sbin/restore/extern.h
   1.12      +1 -0      src/sbin/restore/restore.h
   1.48      +290 -13   src/sbin/restore/tape.c
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->patched 
State-Changed-By: linimon 
State-Changed-When: Sat Jan 26 02:35:30 UTC 2008 
State-Changed-Why:  
Robert, this never got MFCed to 6.  Can you take a look and advise 
whether it will be feasible to do so? 


Responsible-Changed-From-To: freebsd-bugs->rwatson 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sat Jan 26 02:35:30 UTC 2008 
Responsible-Changed-Why:  

http://www.freebsd.org/cgi/query-pr.cgi?pr=93085 

From: Alex Keda <admin@lissyara.su>
To: bug-followup@FreeBSD.org, w@expro.pl
Cc:  
Subject: Re: bin/93085: support for ACLs (and extattr) missing in dump(8)
 and restore(8)
Date: Sat, 16 Feb 2008 01:31:19 +0300

 FreeBSD 6.2 - dump/restore missing ACL.
Responsible-Changed-From-To: rwatson->mckusick 
Responsible-Changed-By: rwatson 
Responsible-Changed-When: Fri Feb 15 23:19:23 UTC 2008 
Responsible-Changed-Why:  
Assign to Kirk since he may be doing an MFC of this code to 6.x. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=93085 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/93085: commit references a PR
Date: Fri, 23 May 2008 18:08:37 +0000 (UTC)

 mckusick    2008-05-23 18:08:32 UTC
 
   FreeBSD src repository
 
   Modified files:        (Branch: RELENG_6)
     include/protocols    dumprestore.h 
     sbin/dump            dump.h traverse.c 
     sbin/restore         dirs.c extern.h restore.h tape.c 
     share/man/man5       fs.5 
     sys/sys              extattr.h 
     sys/ufs/ufs          extattr.h 
   Log:
   MFC of an update to the dump program to save extended attributes
   and an update to the restore program to restore all dumped extended
   attributes. The affected files and the version being MFC'ed:
   
     Revision  Path
     1.11      src/include/protocols/dumprestore.h
     1.28      src/sbin/dump/dump.h
     1.38      src/sbin/dump/traverse.c
     1.31      src/sbin/restore/dirs.c
     1.11      src/sbin/restore/extern.h
     1.12      src/sbin/restore/restore.h
     1.48      src/sbin/restore/tape.c
     1.16      src/sys/sys/extattr.h
     1.21      src/sys/ufs/ufs/extattr.h
     1.24      src/share/man/man5/fs.5
   
   Note that this code will not compile until these header
   files have been updated: <protocols/dumprestore.h> and
   <sys/extattr.h>. This should happen in the course of doing
   a normal `buildworld'.
   
   This resolves PR 93085 which will be closed.
   
   PR:             bin/93085
   MFC request by: Robert Watson
   
   Revision   Changes    Path
   1.10.14.1  +2 -1      src/include/protocols/dumprestore.h
   1.27.2.1   +0 -2      src/sbin/dump/dump.h
   1.36.2.3   +166 -18   src/sbin/dump/traverse.c
   1.30.2.1   +54 -12    src/sbin/restore/dirs.c
   1.10.8.1   +3 -1      src/sbin/restore/extern.h
   1.10.2.1   +1 -0      src/sbin/restore/restore.h
   1.44.2.2   +291 -13   src/sbin/restore/tape.c
   1.22.2.1   +58 -1     src/share/man/man5/fs.5
   1.12.10.1  +16 -0     src/sys/sys/extattr.h
   1.20.2.1   +49 -0     src/sys/ufs/ufs/extattr.h
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: patched->closed 
State-Changed-By: mckusick 
State-Changed-When: Fri May 23 18:14:16 UTC 2008 
State-Changed-Why:  
the change has been MFC'ed into RELENG_6. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=93085 
>Unformatted:
