Public bug reported:

Hi!

In my experience, the Linux kernel access control evaluates POSIX ACLs
wrongly when the mask is null (mask::---).

Let's see an example:
root@bar:~# getfacl /tmp/test 
getfacl: Removing leading '/' from absolute path names
# file: tmp/test
# owner: root
# group: root
user::rw-
user:foo:---
group::r--                      #effective:---
mask::---
          ^^^^^
other::r--

As we can see, the foo user hasn't got any rights on the test file and the
mask is zero.
Let's try to read the file as the foo user:
foo@bar:~$ cat /tmp/test
FOOBAR
foo@bar:~$ 

Success.

According to the documentation (man acl) user foo cannot access the file:
"     2.   else if the effective user ID of the process matches the qualifier of any entry of type ACL_USER, then
              if the matching ACL_USER entry and the ACL_MASK entry contain the requested permissions, access is granted,
              else access is denied."

If I change the mask entry to something else:
root@bar:~# getfacl /tmp/test 
getfacl: Removing leading '/' from absolute path names
# file: tmp/test
# owner: root
# group: root
user::rw-
user:foo:---
group::r--                      #effective:---
mask::-w-
          ^^^^^^
other::r--

the foo user cannot read the file:
foo@bar:~$ cat /tmp/test 
cat: /tmp/test: Permission denied

I tested with ext4 and tmpfs with the same result. I also tested on a
Solaris 9 machine where the permissions work as expected.

System info:
Description:    Ubuntu 12.04.1 LTS
Release:        12.04

acl:
  Installed: 2.2.51-5ubuntu1
  Candidate: 2.2.51-5ubuntu1
  Version table:
 *** 2.2.51-5ubuntu1 0
        500 http://hu.archive.ubuntu.com/ubuntu/ precise/main i386 Packages
        100 /var/lib/dpkg/status

Linux bar 3.2.0-29-generic-pae #46-Ubuntu SMP Fri Jul 27 17:25:43 UTC
2012 i686 i686 i386 GNU/Linux

Thank you for your time and I hope you can find the source of this
issue.

** Affects: acl (Ubuntu)
     Importance: Undecided
         Status: New

** Summary changed:

- posix acl is evaluated wrong  null mask
+ posix acl permissions evaluated wrongly with null mask

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1081502

Title:
  posix acl permissions evaluated wrongly with null mask

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/acl/+bug/1081502/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
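
The access check algorithm documented in acl(5), which the report quotes in part, applied to the two ACLs shown above. This is an added example, not part of the original report and not kernel or acl package code. It assumes foo's only group is a hypothetical group "foo" (the report does not list foo's groups); the function and constant names are illustrative.

```python
# Added example: the access check algorithm documented in acl(5), applied to getfacl text.
def parse_getfacl(text):
    """Return (meta, acl): header fields and {(tag, qualifier): set of 'r','w','x'}."""
    meta, acl = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):                    # "# owner: root" style header
            key, _, val = line[1:].partition(":")
            meta[key.strip()] = val.strip()
            continue
        line = line.split("#", 1)[0].strip()        # drop "#effective:..." annotation
        if line:
            tag, qualifier, bits = line.split(":")
            acl[(tag, qualifier)] = set(bits) - {"-"}
    return meta, acl

def documented_access(text, user, groups, want):
    """True if acl(5) grants `want` (e.g. "r") to `user` with group set `groups`."""
    meta, acl = parse_getfacl(text)
    want, mask = set(want), acl.get(("mask", ""))
    limit = (lambda p: p) if mask is None else (lambda p: p & mask)
    if user == meta["owner"]:                       # 1. owner: ACL_USER_OBJ, mask not applied
        return want <= acl[("user", "")]
    if ("user", user) in acl:                       # 2. named user: entry AND mask
        return want <= limit(acl[("user", user)])
    matching = [p for (tag, q), p in acl.items()    # 3. owning group or named groups
                if tag == "group" and (q or meta["group"]) in groups]
    if matching:
        return any(want <= limit(p) for p in matching)
    return want <= acl[("other", "")]               # 4. everyone else: ACL_OTHER

# Constructed input: the two ACLs from the report, without the "^^^^^" marker lines.
ACL_NULL_MASK = """\
# file: tmp/test
# owner: root
# group: root
user::rw-
user:foo:---
group::r--                      #effective:---
mask::---
other::r--
"""
ACL_W_MASK = ACL_NULL_MASK.replace("mask::---", "mask::-w-")

if __name__ == "__main__":
    for name, text in (("mask::---", ACL_NULL_MASK), ("mask::-w-", ACL_W_MASK)):
        print(name, "foo read ->", documented_access(text, "foo", {"foo"}, "r"))
```

Under the documented algorithm both ACLs deny read to foo, so only the mask::-w- result in the report matches the man page.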
