misc/125575: acl_valid() has wrong checks
Iustin Pop
iusty at k1024.org
Sun Jul 13 16:40:03 UTC 2008
>Number: 125575
>Category: misc
>Synopsis: acl_valid() has wrong checks
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Jul 13 16:40:02 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Iustin Pop
>Release: 7.0-release
>Organization:
>Environment:
>Description:
As described in http://lists.freebsd.org/pipermail/posix1e/2008-June/000491.html, acl_valid() checks that the ACL in question does not contain an ACL_USER with the same ID as the current user (and the same for ACL_GROUP).
The check is not consisten with the kernel's validity check, and the POSIX.1e specification does not say such a check should be made.
IMHO, the userland checks should be the consistent with the kernel checks.
See also http://lists.freebsd.org/pipermail/posix1e/2008-July/000492.html
Thank you!
>How-To-Repeat:
Create manually an ACL and try to add an ACL with the current user ID to it, via acl_from_text, acl_create_entry, acl_set_tag_type, acl_set_qualifier, and the acl_valid call on this ACL will fail.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list