misc/175101: ZFS NFSv4 ACL's allows user without perm to delete and update timestamp
Sandra
littlesandra88 at gmail.com
Mon Jan 7 13:10:00 UTC 2013
>Number: 175101
>Category: misc
>Synopsis: ZFS NFSv4 ACL's allows user without perm to delete and update timestamp
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jan 07 13:10:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Sandra
>Release: 9
>Organization:
>Environment:
>Description:
In the output below, which is from the script in "How to repeat the problem", it can be seen that user "www" which doesn't own file1 and only have "rx" permissions on /tank/project1/test3 is able to delete /tank/project1/test3/file1 and by doing that updating the timestamp on /tank/project1/test3.
This should not be possible with the given permissions.
#!/usr/local/bin/bash -v
clear
p="/tank/project1"
d="$p/test3"
u="user1"
rm -rf $d
setfacl -b $p
setfacl -m group@::fd:allow $p || exit 1
setfacl -m everyone@::fd:allow $p || exit 1
setfacl -m owner@:rwx:fd:allow $p || exit 1
setfacl -m u:$u:full_set:fd:allow $p || exit 1
setfacl -m u:www:full_set:fd:allow $p || exit 1
getfacl $p
# file: /tank/project1
# owner: root
# group: wheel
user:www:rwxpDdaARWcCos:fd----:allow
user:user1:rwxpDdaARWcCos:fd----:allow
owner@:rwx-----------:fd----:allow
group@:--------------:fd----:allow
everyone@:--------------:fd----:allow
su -m $u -c "mkdir $d"
getfacl $d
# file: /tank/project1/test3
# owner: user1
# group: wheel
user:www:rwxpDdaARWcCos:fd----:allow
user:user1:rwxpDdaARWcCos:fd----:allow
owner@:rwx-----------:fd----:allow
group@:--------------:fd----:allow
everyone@:--------------:fd----:allow
su -m $u -c "touch $d/file1"
# user1 wants www only to have read access
su -m $u -c "setfacl -m u:www:rx:fd:allow $d || exit 1"
getfacl $d
# file: /tank/project1/test3
# owner: user1
# group: wheel
user:www:r-x-----------:fd----:allow
user:www:r-x-----------:fd----:allow
user:user1:rwxpDdaARWcCos:fd----:allow
owner@:rwx-----------:fd----:allow
group@:--------------:fd----:allow
everyone@:--------------:fd----:allow
# www should be able to read and delete because file1 was created before the ACL
getfacl $d/file1
# file: /tank/project1/test3/file1
# owner: user1
# group: wheel
user:www:rw-pDdaARWcCos:------:allow
user:user1:rw-pDdaARWcCos:------:allow
owner@:rw------------:------:allow
group@:--------------:------:allow
everyone@:--------------:------:allow
su -m www -c "touch $d/file2"
touch: /tank/project1/test3/file2: Permission denied
su -m www -c "cat $d/file1"
touch -amct 191212121212 $d
su -m www -c "rm $d/file1"
ls -ld $d
drwx------+ 2 user1 wheel 2 Jan 7 12:25 /tank/project1/test3
>How-To-Repeat:
#!/usr/local/bin/bash -v
clear
p="/tank/project1"
d="$p/test3"
u="user1"
rm -rf $d
setfacl -b $p
setfacl -m group@::fd:allow $p || exit 1
setfacl -m everyone@::fd:allow $p || exit 1
setfacl -m owner@:rwx:fd:allow $p || exit 1
setfacl -m u:$u:full_set:fd:allow $p || exit 1
setfacl -m u:www:full_set:fd:allow $p || exit 1
getfacl $p
su -m $u -c "mkdir $d"
getfacl $d
su -m $u -c "touch $d/file1"
# user1 wants www only to have read access
su -m $u -c "setfacl -m u:www:rx:fd:allow $d || exit 1"
getfacl $d
# www should not be able to delete file1, as delete have not been granted
# also notice that www's rm updates the timestamp on the parent dir.
# this should not be possible
getfacl $d/file1
su -m www -c "touch $d/file2"
su -m www -c "cat $d/file1"
touch -amct 191212121212 $d
su -m www -c "rm $d/file1"
ls -ld $d
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list