Bug 192227 - newfs creates .snap with world readable permissions 0777
Summary: newfs creates .snap with world readable permissions 0777
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: 10.0-RELEASE
Hardware: Any Any
: Normal Affects Many People
Assignee: freebsd-bugs (Nobody)
Depends on:
Reported: 2014-07-28 22:51 UTC by rsimmons0
Modified: 2021-04-16 15:59 UTC (History)
5 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description rsimmons0 2014-07-28 22:51:59 UTC
According to the dump(8) man page, the .snap directory should have 0770 permissions, but after running newfs and mounting a UFS file system, the .snap directory permissions are 0777.
Comment 1 heliocentric 2015-12-13 23:13:26 UTC
I looked at the code, and after a newfs the permissions are 775. I validated this in the source code for newfs, that it creates the inode with permissions 755|020. The 755 is hard coded into mkfs.c.

I'm not sure how it is coming out as 777 in your case, as this code hasn't changed since 2005.
Comment 2 Sean Eric Fagan freebsd_committer 2019-04-25 20:49:59 UTC
The comment in the dump man page isn't entirely correct; it should be at least 050 (that is, owned by root, group operator, and readable+searchable by the group).

We could also change the newfs/mkfs.c code to use a more restrictive mode.
Comment 3 jessicaalba 2021-03-03 10:32:46 UTC
Comment 4 Ceri Davies 2021-04-16 15:59:26 UTC
dump(8) doesn't check permissions on .snap, only that it exists and is a directory.

As heliocentric@gmail.com says though, src/sbin/newfs doesn't have code that could create a .snap with mode 0777 so unless the submitter can give us a test case to reproduce then this could be closed.