pkgsrc-bugs: pkg/36656: amanda-client will fail to backup the requested filesystem

Subject: pkg/36656: amanda-client will fail to backup the requested filesystem
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: Wolfgang Stukenbrock <Wolfgang.Stukenbrock@nagler-company.com>
List: pkgsrc-bugs
Date: 07/16/2007 10:45:00
>Number:         36656
>Category:       pkg
>Synopsis:       amanda-client will fail to backup the requested filesystem
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Jul 16 10:45:00 +0000 2007
>Originator:     Wolfgang Stukenbrock
>Release:        NetBSD 3.1
>Organization:
Dr. Nagler & Company GmbH
>Environment:
	
	
System: NetBSD test-s0 3.1 NetBSD 3.1 (test-s0) #0: Tue Apr 3 11:33:43 CEST 2007 root@test-s0:/usr/src/sys/arch/i386/compile/test-s0 i386
Architecture: i386
Machine: i386
>Description:
	The client code of amanda retries the information about the filesytem
	to be backed up from the amanda server in a UPD packet.
	The client code wil then check the retrieved path information agains
	the entries in /etc/fstab on all architectures other than pc-cygwin.
	(I don't get the point why amanda is dooing this, but thats not the
	problem.)
	The function "search_fstab()" in client-src/getfsent.c will to this
	check and if it assumes it has found a mount point it ignores the
	path in formation passed from the server and replaces it with the
	mountpoint. And here is a big bug in it!!!!!!
	The function "search_fstab()" setup three stat-buffers and set st_dev
	to -1 to mark then as invalid. The structures are allocated on the
	stack, so the contents of all other fileds is random.
	In most cases only two of the structures are used - so the last on
	will have st_dev == -1 in all cases.
	If you now pass try to backup a directory the search for a mountpoint
	wil fail as expected. But it there are some psuedo filesystem in
	/etc/fstab such as /proc, the call to stat on /proc will give st_dev
	with the value -1 and st_ino = 2 as a valid entry.
	Now the compare routine does not ignore any entry with st_dev == -1,
	so it depends on garbage on the stack if it will match or not.
	And if it will match, it will match all the time - as done on some of
	our machines.
	The result of the match is, that the amanda-client will tell the server
	it is backup up the requested filesystem (or directory inside of a
	filesystem), but in real the client starts backing up /proc.
	You can recognize this only if you look into the file lists - there
	is no other indication of this problem!

	The reason why it is nessesary to specify some directories too and not
	only mountpoints as starting point for a backup depends on the missing
	ability of the amanda software to backup a filesystem larger than a
	tape.
	This bug makes the amanda software unreliable so that you will not
	know if you have backuped up the requested things until you have
	checked the file list by hand!

	My amanda version is 2.4.4p4 from pkgsrc-1Q2007. I've not the time to
	switch to 2Q2007 but I'm shure this bug has not been fixed. It looks
	like it is in there since 2002 ...
	Not only NetBSD is affected, we have had the same problem on a Linux
	box too.
>How-To-Repeat:
	If you have the homedirectories located on a server in /home.stand and 
	you decide to backup each homedirectory as an own tape-file due to
	security and space reasons, you need to specify /home.stand/<user> for
	each user.
	If the server has /proc in the fstab, and you are out of luck with the
	garbage on the stack, /proc gets backup'd for each user again and again.
>Fix:
	There are multiple ways to fix this problem:
	1. change configure.in and set IGNORE_FSTAB in all cases.
	   This will comment out the whole function - as done for cygwin only
	   up to now. I cannot see any use in looking up /etc/fstab for the
	   filesystem to be backed up and change the path. (Perhaps if you
	   Jspecify a path to a symlink it would be nessesary to replace it,
	   but I treat this as a config error on the server.)
	2. change the "samefile()" routine that does the check and check st_dev
	   for -1 - never return true if it is -1.
	3. filter out any special filesystem in all "get_fstab_nextenty()" 
	   implementations.
	4. remove the whole /etc/fstab lookup stuff from the client code if
	   running gtar as dump-program. (just do not call the fstab lookup
	   stuff in such a case)
	- I'm shure there are even more ways to fix it ...
	I would prefere version 1, because I cannot see any advantage in looking
	into /etc/fstab if I want to backup everything below given directory on
	a filesystem. But version 2 is also a good aproach if the semantic with
	/etc/fstab shouldn't been thrown out.

	remark: I've didn't send fix bug-report to the amanda developpers,
	        because I don't know a way to do it and there are lots of fixed
		in the pkgsrc-tree for amanda. I think that one shoul be an
		addirional fix to original distribution.

>Unformatted: