[LU-4704] Permission checking is missing when setfacl Created: 04/Mar/14 Updated: 30/May/14 Resolved: 05/Mar/14 |
|
| Status: | Resolved |
| Project: | Lustre |
| Component/s: | None |
| Affects Version/s: | Lustre 2.6.0 |
| Fix Version/s: | Lustre 2.6.0, Lustre 2.5.1, Lustre 2.4.3 |
| Type: | Bug | Priority: | Blocker |
| Reporter: | Li Xi (Inactive) | Assignee: | Emoly Liu |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | patch |
| Issue Links: |
| Severity: | 3 |
| Rank (Obsolete): | 12939 |
| Description |
|
Setxattr does not check the permission when setting ACL xattrs. The following script will reproduce this problem.

    mkdir $DIR
    chmod 700 $DIR
    $RUNAS -u test ls $DIR
    $RUNAS -u test setfacl -m u:test:rwx $DIR
    echo "Problem reproduced!!"
    $RUNAS -u test ls $DIR
    echo "Security problem!!"
|
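The rule whose absence the report describes, as an added user-space model in C (not Lustre or kernel code, and not part of the original report): on Linux, only the file owner or a process with CAP_FOWNER may set a POSIX ACL xattr. The struct and function names, the uid values and the single-entry ACL without a mask are assumptions made for illustration; `enforce=false` reproduces the sequence in the script above.

```c
/* Added example: user-space model, hypothetical names; not Lustre code. */
#include <errno.h>
#include <stdbool.h>
#include <string.h>

struct mcred  { unsigned uid; bool cap_fowner; };
struct minode {
    unsigned owner, mode;       /* mode: permission bits, e.g. 0700 */
    bool     has_acl_user;      /* single named-user ACL entry (no mask) */
    unsigned acl_uid, acl_perm; /* acl_perm: rwx bits 0-7 */
};

/* ACL xattrs: like chmod, only the owner or CAP_FOWNER may set them. */
static int acl_set_permission(const struct mcred *c, const struct minode *i,
                              const char *name)
{
    bool acl = strncmp(name, "system.posix_acl_", 17) == 0;
    return (acl && c->uid != i->owner && !c->cap_fowner) ? -EPERM : 0;
}

/* Models setfacl -m u:<uid>:<perm>; enforce=false mimics the reported bug. */
static int model_set_acl(const struct mcred *c, struct minode *i,
                         unsigned uid, unsigned perm, bool enforce)
{
    if (enforce && acl_set_permission(c, i, "system.posix_acl_access"))
        return -EPERM;
    i->has_acl_user = true;
    i->acl_uid = uid;
    i->acl_perm = perm & 7;
    return 0;
}

/* Access check: owner bits, then the named-user entry, then "other" bits. */
static bool may_access(const struct mcred *c, const struct minode *i,
                       unsigned want)
{
    unsigned granted = i->mode & 7;
    if (c->uid == i->owner)
        granted = (i->mode >> 6) & 7;
    else if (i->has_acl_user && c->uid == i->acl_uid)
        granted = i->acl_perm;
    return (granted & want) == want;
}

int main(void)
{
    struct minode dir = { .owner = 0, .mode = 0700 };  /* constructed case */
    struct mcred test = { .uid = 1000 };
    return model_set_acl(&test, &dir, 1000, 7, true) == -EPERM &&
           !may_access(&test, &dir, 5) ? 0 : 1;
}
```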
| Comments |
| Comment by Li Xi (Inactive) [ 04/Mar/14 ] |
|
Please check this patch. (This one is for ll_setxattr_common().) |
| Comment by Peter Jones [ 04/Mar/14 ] |
|
Emoly, could you please look after this patch? Thanks, Peter |
| Comment by Andreas Dilger [ 05/Mar/14 ] |
|
Emoly, I also see that acl/974.test and acl/2561.test are not included in the lustre/tests/Makefile.am nobase_noinst_DATA list, and those tests are being skipped. Could you please make a separate patch to add them to the list so they are in the RPM, and fix the test to fail if the test scripts are missing. |
| Comment by Bob Glossman (Inactive) [ 05/Mar/14 ] |
|
backport to b2_5: |
| Comment by Emoly Liu [ 07/Mar/14 ] |
|
The patch to enable acl/974.test and acl/2561.test is here: http://review.whamcloud.com/9541 |
| Comment by Bob Glossman (Inactive) [ 07/Mar/14 ] |
|
backport to b2_4: |
| Comment by Nathaniel Clark [ 30/May/14 ] |
|
backport sanity/103 (http://review.whamcloud.com/9541) tests to b2_5: |