[Bug 1376443] [NEW] Default ACL not inherited as Access ACL on copy
Bib
1376443 at bugs.launchpad.net
Wed Oct 1 20:48:58 UTC 2014
*** This bug is a security vulnerability ***
Public security bug reported:
Ubuntu Desktop 14.04 fresh default installation
Default ACL and gid are set OK on parent folder (/srv/parent). (ext4)
mkdir child /srv/parent
and
touch /srv/parent/file /srv/parent/child/file
OK: /srv/parent/file, /srv/parent/child/ and /srv/parent/child/file all show the same correct ACL as /srv/parent (getfacl)
cp -r /media/<user>/<label>/SomeTree ends in a corrupted ACL where the Access ACL is mask::--- instead of rwx, so the ACL entries set for named users and groups are ineffective. KO
Although, default:mask::rwx is ok.
For regular (i.e. non-dir) files in the copied SomeTree, the Access ACL
is mask::r-- instead of rwx, so only r out of the set permissions
for named users and groups will survive. KO
setfacl --set or -m reports no error
Workaround: grant permissions to users that would not have them, e.g.
o+rX or adduser reader writersgroup
** Affects: acl (Ubuntu)
Importance: Undecided
Status: New
** Information type changed from Private Security to Public Security
** Description changed:
Ubuntu Desktop 14.04 fresh default installation
Default ACL and gid are set OK on parent folder (/srv/parent). (ext4)
mkdir child /srv/parent
and
touch /srv/parent/file /srv/parent/child/file
OK Both /srv/parent/file, /srv/parent/child/, /srv/parent/child/file show correct same acl as /srv/parent (getfacl)
cp -r /media/<user>/<label>/SomeTree ends in corrupted ACL where Access ACL mask::--- instead of rwx, resulting in acl set for named users and groups are ineffective. KO
Although, default:mask::rwx is ok.
For regular (i.e. non dir) files in the copied SomeTree, Access ACL
mask::r-- instead of rwx, resulting in only r out of the set permissions
for named users and groups will survive. KO
setfacl --set or -m reports no error
- Workaround : grant permissions to users would not have them, eg. o+rX or
- adduser reader writersgroup
+ Workaround : grant permissions to users that would not have them, eg.
+ o+rX or adduser reader writersgroup
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to acl in Ubuntu.
https://bugs.launchpad.net/bugs/1376443
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/acl/+bug/1376443/+subscriptions
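Added example, not part of the original report: in a POSIX ACL the mask entry caps every named user, named group and owning-group entry, so a check for the symptom described above can read getfacl output and list the entries whose granted permissions the mask reduces. The sample ACL is constructed; the names reader and writersgroup are borrowed from the report's workaround, and the function names are hypothetical.

```shell
#!/bin/sh
# Read `getfacl` output on stdin and print each access-ACL entry that the mask
# reduces, as "<entry> granted=<rwx> effective=<rwx>".
masked_entries() {
    awk -F: '
        # AND two rwx strings position by position.
        function and_perm(a, b,    i, out) {
            out = ""
            for (i = 1; i <= 3; i++)
                out = out ((substr(a, i, 1) != "-" && substr(b, i, 1) != "-") ? substr(a, i, 1) : "-")
            return out
        }
        /^#/ || /^default:/ || NF < 3 { next }   # comments, default ACL, blank lines
        {
            perm = substr($3, 1, 3)               # drop any "#effective:" suffix
            if ($1 == "mask") { mask = perm; next }
            # The mask limits named users, named groups and the owning group,
            # never the file owner (user::) or other::.
            if (($1 == "user" && $2 != "") || $1 == "group") {
                n++; entry[n] = $1 ":" $2; granted[n] = perm
            }
        }
        END {
            if (mask == "") exit                  # minimal ACL without a mask entry
            for (i = 1; i <= n; i++) {
                eff = and_perm(granted[i], mask)
                if (eff != granted[i])
                    printf "%s granted=%s effective=%s\n", entry[i], granted[i], eff
            }
        }'
}

# Constructed getfacl output; $1 is the access mask ("---" for the copied
# directories in the report, "r--" for the copied regular files).
sample_acl() {
    cat <<EOF
# file: srv/parent/SomeTree
user::rwx
user:reader:r-x
group::rwx
group:writersgroup:rw-
mask::$1
other::---
default:user:reader:r-x
default:mask::rwx
EOF
}

sample_acl --- | masked_entries
```

On a real tree, feed it one path at a time, for example from find with getfacl run per file, and treat any output as an entry that is granted but not effective.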