Bug 241062

Summary: bectl: generated mount should be done in /var/tmp not in /tmp
Product: Base System
Reporter: Slawomir Wojciech Wojtczak <vermaden>
Component: bin
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed Feedback Timeout    
Severity: Affects Many People    
Priority: ---    
Version: 12.1-RELEASE   
Hardware: Any   
OS: Any   

Description Slawomir Wojciech Wojtczak 2019-10-04 16:06:41 UTC
The bectl(8) tool mounts BE in /tmp dir.

I already fixed that in beadm(8) to mount them in /var/tmp.

This is very bad and dangerous, because if you have 'clear_tmp_enable=YES' set in the /etc/rc.conf file then imagine the following scenario:

1. # bectl mount BE
2. # shutdown now (single user mode)
3. Hit CTRL-D to get back to multiuser mode.
4. The /etc/rc.d/cleartmp script is executed.
5. You just wiped out contents of BE mounted at /tmp.

# bectl list
BE   Active Mountpoint Space Created
11.3 -      -          6.18G 2019-09-02 13:18
12.1 NR     /          8.74G 2019-08-01 14:24
safe -      -          1.17G 2019-10-02 23:10

# bectl mount 11.3
successfully mounted 11.3 at /tmp/be_mount.vlYN

# bectl list
BE   Active Mountpoint Space Created
11.3 -      /tmp/be_mount.vlYN         6.18G 2019-09-02 13:18
12.1 NR     /          8.74G 2019-08-01 14:24
safe -      -          1.17G 2019-10-02 23:10

Regards.
Comment 1 Andriy Gapon freebsd_committer freebsd_triage 2019-10-05 19:41:20 UTC
Alternative view: whatever cleartmp does it should make sure to not cross mount points.  In fact, I believe that cleartmp already obeys that rule.
Have you tried to test your scenario (with a throw-away BE, of course)?
Comment 2 Slawomir Wojciech Wojtczak 2019-10-05 19:54:11 UTC
(In reply to Andriy Gapon from comment #1)

The cleartmp script literally wiped one of my mounted BE's.

I have backups so it did not 'hit' me, but that is the point when I got the 'a-ha' moment.
Comment 3 Andriy Gapon freebsd_committer freebsd_triage 2019-10-05 20:02:59 UTC
That's strange. I see that the script uses find -x for its job, -x instructs to not traverse mount points...  Ah, but then it execs rm -rf -- {} which will happily remove everything under a mountpoint.

I think that it's a bug of cleartmp.
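
Added example, not part of this bug thread and not FreeBSD's cleartmp code: a cleanup routine that avoids the failure described in comment 3 by comparing device numbers at every directory level instead of handing each top-level entry to `rm -rf`. The names `clear_tmp`, `dev_of` and the `be_mount.TEST` tree are hypothetical, and the code assumes a mounted filesystem reports a different `st_dev` than the directory it is mounted in.

```python
import os
import tempfile

def clear_tmp(root, dev_of=lambda p: os.lstat(p).st_dev):
    """Delete what lives on root's own filesystem; return skipped mount points."""
    root_dev = dev_of(root)
    skipped = []

    def purge(directory):
        emptied = True
        with os.scandir(directory) as it:
            entries = list(it)
        for entry in entries:
            if dev_of(entry.path) != root_dev:
                # Different device: a mount point. Unlike `rm -rf`, do not descend.
                skipped.append(entry.path)
                emptied = False
            elif entry.is_dir(follow_symlinks=False):
                if purge(entry.path):
                    os.rmdir(entry.path)
                else:
                    emptied = False  # holds a nested mount point, keep it
            else:
                os.unlink(entry.path)
        return emptied

    purge(root)
    return skipped

def demo():
    # Constructed tree; "be_mount.TEST" stands in for a mounted boot environment.
    root = tempfile.mkdtemp()
    mount = os.path.join(root, "be_mount.TEST")
    os.makedirs(os.path.join(mount, "etc"))
    os.makedirs(os.path.join(root, "scratch", "sub"))
    for rel in ("be_mount.TEST/etc/rc.conf", "scratch/sub/junk", "stale.lock"):
        open(os.path.join(root, rel), "w").close()
    # Assumption for the demo: pretend the stand-in directory is on device 2.
    fake_dev = lambda p: 2 if p == mount else 1
    skipped = clear_tmp(root, dev_of=fake_dev)
    return root, mount, skipped, sorted(os.listdir(root))

if __name__ == "__main__":
    print(demo())
```

The injectable `dev_of` exists only so the behaviour can be exercised without root privileges or a real mount; with the default it uses `lstat`, so symbolic links are never followed.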