*** This bug is a security vulnerability ***
Public security bug reported:
Ubuntu Desktop 14.04 fresh default installation
Default ACL and gid are set OK on parent folder (/srv/parent). (ext4)
mkdir child /srv/parent
and
touch /srv/parent/file /srv/parent/child/file
OK Both /srv/parent/file, /srv/parent/child/, /srv/parent/child/file show
correct same acl as /srv/parent (getfacl)
cp -r /media/<user>/<label>/SomeTree ends in corrupted ACL where Access ACL
mask::--- instead of rwx, resulting in acl set for named users and groups are
ineffective. KO
Although, default:mask::rwx is ok.
For regular (i.e. non dir) files in the copied SomeTree, Access ACL
mask::r-- instead of rwx, resulting in only r out of the set permissions
for named users and groups will survive. KO
setfacl --set or -m reports no error
Workaround : grant permissions to users that would not have them, eg.
o+rX or adduser reader writersgroup
** Affects: acl (Ubuntu)
Importance: Undecided
Status: New
** Information type changed from Private Security to Public Security
** Description changed:
Ubuntu Desktop 14.04 fresh default installation
Default ACL and gid are set OK on parent folder (/srv/parent). (ext4)
mkdir child /srv/parent
and
touch /srv/parent/file /srv/parent/child/file
OK Both /srv/parent/file, /srv/parent/child/, /srv/parent/child/file show
correct same acl as /srv/parent (getfacl)
cp -r /media/<user>/<label>/SomeTree ends in corrupted ACL where Access ACL
mask::--- instead of rwx, resulting in acl set for named users and groups are
ineffective. KO
Although, default:mask::rwx is ok.
For regular (i.e. non dir) files in the copied SomeTree, Access ACL
mask::r-- instead of rwx, resulting in only r out of the set permissions
for named users and groups will survive. KO
setfacl --set or -m reports no error
- Workaround : grant permissions to users would not have them, eg. o+rX or
- adduser reader writersgroup
+ Workaround : grant permissions to users that would not have them, eg.
+ o+rX or adduser reader writersgroup
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to acl in Ubuntu.
https://bugs.launchpad.net/bugs/1376443
Title:
Default ACL not inherited as Access ACL on copy
Status in “acl” package in Ubuntu:
New
Bug description:
Ubuntu Desktop 14.04 fresh default installation
Default ACL and gid are set OK on parent folder (/srv/parent). (ext4)
mkdir child /srv/parent
and
touch /srv/parent/file /srv/parent/child/file
OK Both /srv/parent/file, /srv/parent/child/, /srv/parent/child/file show
correct same acl as /srv/parent (getfacl)
cp -r /media/<user>/<label>/SomeTree ends in corrupted ACL where Access ACL
mask::--- instead of rwx, resulting in acl set for named users and groups are
ineffective. KO
Although, default:mask::rwx is ok.
For regular (i.e. non dir) files in the copied SomeTree, Access ACL
mask::r-- instead of rwx, resulting in only r out of the set
permissions for named users and groups will survive. KO
setfacl --set or -m reports no error
Workaround : grant permissions to users that would not have them, eg.
o+rX or adduser reader writersgroup
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/acl/+bug/1376443/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
