From bernd@heitec.net  Mon May  2 11:54:06 2005
Return-Path: <bernd@heitec.net>
Message-Id: <200505021050.j42AoEvm017194@tostan.admin.er.heitec.net>
Date: Mon, 2 May 2005 12:50:14 +0200 (CEST)
From: Bernd Luevelsmeyer <bernd@heitec.net>
Reply-To: Bernd Luevelsmeyer <bdluevel@heitec.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Contrary to handbook, filesystem snapshots do not have the schg flag.
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         80535
>Category:       docs
>Synopsis:       Contrary to handbook, filesystem snapshots do not have the schg flag.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-doc
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon May 02 12:00:23 GMT 2005
>Closed-Date:    Thu Jun 16 04:50:32 GMT 2005
>Last-Modified:  Thu Jun 16 04:50:32 GMT 2005
>Originator:     Bernd Luevelsmeyer
>Release:        FreeBSD 5.4-STABLE i386
>Organization:
>Environment:
System: FreeBSD 5.4-STABLE

>Description:
The handbook says:
"During initial creation, the schg flag (see the chflags(1) manual page)
is set to ensure that even root cannot write to the snapshot."

This is not true; the schg flag is not set. Since the schg flag is
a security instrument, I consider this to be a "serious" bug.

>How-To-Repeat:
mksnap_ffs /usr /usr/snap
find /usr -flags schg | grep snap
    (the snapshot file is not output)

>Fix:
Delete the quoted sentence from the handbook.
>Release-Note:
>Audit-Trail:

From: Matteo Riondato <rionda@gufi.org>
To: bug-followup@FreeBSD.org, bdluevel@heitec.net
Cc:  
Subject: Re: docs/80535: Contrary to handbook, filesystem snapshots do not have the schg flag.
Date: Wed, 8 Jun 2005 22:08:44 +0200

 Patch follows:
 --- chapter.sgml.old    Wed May 25 14:24:40 2005
 +++ chapter.sgml        Wed Jun  8 21:55:24 2005
 @@ -3141,13 +3141,6 @@
  	however all the used space may not be acquired because another snapshot will
 	possibly claim some of the released blocks.</para>
 
 -      <para>During initial creation, the <option>schg</option> flag (see the &man.chflags.1; manual page)
 -	is set to ensure that even <username>root</username> cannot write to the snapshot.
 -	The &man.unlink.1; command makes an exception for snapshot files
 -	since it allows them to be removed
 - 	with the <option>schg</option> flag set, so it is not necessary to
 -	clear the <option>schg</option> flag before removing a snapshot file.</para>
 -
        <para>Snapshots are created with the &man.mount.8; command.  To place
 	a snapshot of <filename>/var</filename> in the file
 	<filename>/var/snapshot/snap</filename> use the following
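
Review bot: Replace this paragraph rather than deleting it. The report disputes only that schg is set, but the removed block starting at "<para>During initial creation" also drops the &man.unlink.1; sentence, and afterwards the section runs from the space-accounting paragraph straight to "Snapshots are created with the &man.mount.8; command" with nothing on whether a snapshot file can be written to or how it is removed. If another mechanism protects snapshot files, describe it in a corrected <para> at this spot, and state whether the unlink(1) exception still applies once schg is out of the picture.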
 
 
 -- 
 Rionda aka Matteo Riondato
 G.U.F.I. Staff Member (http://www.gufi.org)
 FreeSBIE Developer (http://www.freesbie.org)
State-Changed-From-To: open->closed 
State-Changed-By: hmp 
State-Changed-When: Thu Jun 16 04:47:05 GMT 2005 
State-Changed-Why:  
The "schg" file flag is not set, but it is specially marked using the 
"snapshot" file flag.  It has similar qualities to the former. 

I have updated the handbook to mention the correct file flag and how 
to search for snapshot files on a file system. 

Thanks! 


http://www.freebsd.org/cgi/query-pr.cgi?pr=80535 
>Unformatted:
