From suiram@port294.megapop.eunet.no  Fri Oct  6 21:34:26 2000
Return-Path: <suiram@port294.megapop.eunet.no>
Received: from port294.megapop.eunet.no (port294.megapop.eunet.no [193.91.253.44])
	by hub.freebsd.org (Postfix) with ESMTP id 666AF37B66C
	for <FreeBSD-gnats-submit@freebsd.org>; Fri,  6 Oct 2000 21:34:24 -0700 (PDT)
Received: (from suiram@localhost)
	by suiram.freebsd.org (8.9.3/8.9.3) id EAA23805;
	Sat, 7 Oct 2000 04:23:40 +0200 (CEST)
	(envelope-from suiram)
Message-Id: <200010070223.EAA23805@suiram.freebsd.org>
Date: Sat, 7 Oct 2000 04:23:40 +0200 (CEST)
From: mbendiks@eunet.no
Sender: suiram@port294.megapop.eunet.no
Reply-To: mbendiks@eunet.no
To: FreeBSD-gnats-submit@freebsd.org
Subject: [patches] Request change to msdosfs semantics
X-Send-Pr-Version: 3.2

>Number:         21807
>Category:       kern
>Synopsis:       [msdosfs] [patch] Make System attribute correspond to SF_IMMUTABLE
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    trhodes
>State:          analyzed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Oct 06 21:40:01 PDT 2000
>Closed-Date:    
>Last-Modified:  Fri May  3 17:30:02 UTC 2013
>Originator:     Marius Bendiksen
>Release:        FreeBSD 4.1-RELEASE i386
>Organization:
n/a
>Environment:

	not relevant.

>Description:

	In MS-DOS, the usage of the system attribute roughly corresponds to the
	typical use of the SF_IMMUTABLE attribute in Unix. I think changing the
	current semantics would be an improvement as far as compatibility goes,
	and there should be few POLA issues with it.

>How-To-Repeat:

	not relevant.

>Fix:

	In /sys/msdosfs; diff -u4

--- ./msdosfs_vnops.c.orig	Sun Sep 24 14:12:47 2000
+++ ./msdosfs_vnops.c	Sun Sep 24 14:18:58 2000
@@ -171,10 +171,12 @@
 	error = uniqdosname(pdep, cnp, ndirent.de_Name);
 	if (error)
 		goto bad;
 
-	ndirent.de_Attributes = (ap->a_vap->va_mode & VWRITE) ?
-				ATTR_ARCHIVE : ATTR_ARCHIVE | ATTR_READONLY;
+	ndirent.de_Attributes = ((ap->a_vap->va_mode & VWRITE) ?
+				ATTR_ARCHIVE : ATTR_ARCHIVE | ATTR_READONLY) |
+				((ap->a_vap->va_flags & SF_IMMUTABLE) ?
+				ATTR_SYSTEM : 0);
 	ndirent.de_LowerCase = 0;
 	ndirent.de_StartCluster = 0;
 	ndirent.de_FileSize = 0;
 	ndirent.de_dev = pdep->de_dev;
@@ -275,8 +277,12 @@
 			break;
 		}
 	}
 
+	/* System (SF_IMMUTABLE) files cannot be written by anyone. */
+	if ((mode & VEXEC) && (dep->de_Attributes & ATTR_SYSTEM))
+		return EPERM;
+
 	return (vaccess(vp->v_type, file_mode, pmp->pm_uid, pmp->pm_gid,
 	    ap->a_mode, ap->a_cred, NULL));
 }
 
@@ -333,9 +339,9 @@
 	} else {
 		vap->va_atime = vap->va_mtime;
 		vap->va_ctime = vap->va_mtime;
 	}
-	vap->va_flags = 0;
+	vap->va_flags = (dep->de_Attributes & ATTR_SYSTEM) ? SF_IMMUTABLE : 0;
 	if ((dep->de_Attributes & ATTR_ARCHIVE) == 0)
 		vap->va_flags |= SF_ARCHIVED;
 	vap->va_gen = 0;
 	vap->va_blocksize = pmp->pm_bpcluster;
@@ -384,8 +390,12 @@
 		    vap->va_uid, vap->va_gid);
 #endif
 		return (EINVAL);
 	}
+	/* Check for immutability and securelevel */
+	if ((dep->de_Attributes & ATTR_SYSTEM) && (securelevel > 0))
+		return EPERM;
+	/* Set appropriate flags */
 	if (vap->va_flags != VNOVAL) {
 		if (vp->v_mount->mnt_flag & MNT_RDONLY)
 			return (EROFS);
 		if (cred->cr_uid != pmp->pm_uid &&
@@ -401,12 +411,19 @@
 		 * users to attempt to set SF_SETTABLE bits or anyone to
 		 * set unsupported bits.  However, we ignore attempts to
 		 * set ATTR_ARCHIVE for directories `cp -pr' from a more
 		 * sensible file system attempts it a lot.
+		 *
+		 * An exception with regards to the SF_SETTABLE bits, is
+		 * SF_IMMUTABLE, which we map to ATTR_SYSTEM.
 		 */
 		if (cred->cr_uid != 0) {
-			if (vap->va_flags & SF_SETTABLE)
+			if (vap->va_flags & (SF_SETTABLE^SF_IMMUTABLE))
 				return EPERM;
+			if (vap->va_flags & SF_IMMUTABLE)
+				dep->de_Attributes |= ATTR_SYSTEM;
+			else
+				dep->de_Attributes &= ~ATTR_SYSTEM;
 		}
 		if (vap->va_flags & ~SF_ARCHIVED)
 			return EOPNOTSUPP;
 		if (vap->va_flags & SF_ARCHIVED)
@@ -414,8 +431,10 @@
 		else if (!(dep->de_Attributes & ATTR_DIRECTORY))
 			dep->de_Attributes |= ATTR_ARCHIVE;
 		dep->de_flag |= DE_MODIFIED;
 	}
+	if (dep->de_Attributes & ATTR_SYSTEM)
+		return EPERM;
 
 	if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) {
 		uid_t uid;
 		gid_t gid;

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->analyzed 
State-Changed-By: bp 
State-Changed-When: Sun Oct 22 07:34:08 PDT 2000 
State-Changed-Why:  
Interesting idea. Could you please submit it to freebsd-fs ? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=21807 
Responsible-Changed-From-To: freebsd-bugs->freebsd-fs 
Responsible-Changed-By: johan 
Responsible-Changed-When: Mon Aug 19 10:55:04 PDT 2002 
Responsible-Changed-Why:  
Lets see what -fs think about this proposal. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=21807 
Responsible-Changed-From-To: freebsd-fs->fs 
Responsible-Changed-By: johan 
Responsible-Changed-When: Sat Aug 24 19:04:07 PDT 2002 
Responsible-Changed-Why:  
Use short names for mailing list to make searches    
using the web query form work with the shown responsible. 

This also makes open PR show up in the summery mail. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=21807 
Responsible-Changed-From-To: fs->freebsd-bugs 
Responsible-Changed-By: dougb 
Responsible-Changed-When: Mon Jan 27 16:41:38 PST 2003 
Responsible-Changed-Why:  

The -fs list has not expressed any interest. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=21807 
Responsible-Changed-From-To: freebsd-bugs->trhodes 
Responsible-Changed-By: remko 
Responsible-Changed-When: Fri Dec 29 20:16:49 UTC 2006 
Responsible-Changed-Why:  
Hey Tom, you as a maintainer of msdosfs (afair) can you have a look at 
the ticket? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=21807 

From: John Baldwin <jhb@freebsd.org>
To: bug-followup@freebsd.org,
 mbendiks@eunet.no
Cc: Ken Merry <ken@freebsd.org>
Subject: Re: kern/21807: [msdosfs] [patch] Make System attribute correspond to SF_IMMUTABLE
Date: Fri, 3 May 2013 11:49:00 -0400

 Ken,
 
 I think your recent patches to update file flags probably obsoletes this PR?
 
 -- 
 John Baldwin
>Unformatted:
