[Bug 1081502] ProcEnviron.txt

Andras Bendzsak benjoe at sch.bme.hu
Wed Nov 21 11:37:22 UTC 2012


apport information

** Attachment added: "ProcEnviron.txt"
   https://bugs.launchpad.net/bugs/1081502/+attachment/3440224/+files/ProcEnviron.txt

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to acl in Ubuntu.
https://bugs.launchpad.net/bugs/1081502

Title:
  posix acl permissions evaluated wrongly with null mask

Status in "acl" package in Ubuntu:
  Confirmed
Status in "linux" package in Ubuntu:
  Confirmed
Status in "linux" package in Debian:
  New

Bug description:
  Hi!

  According to my experience, the Linux kernel access control wrongly
  evaluates POSIX ACLs when the mask is null (mask::---).

  Let's see an example:
  root@bar:~# getfacl /tmp/test
  getfacl: Removing leading '/' from absolute path names
  # file: tmp/test
  # owner: root
  # group: root
  user::rw-
  user:foo:---
  group::r--                      #effective:---
  mask::---
            ^^^^^
  other::r--

  As we can see, the foo user hasn't got any rights on the test file and the mask is zero.
  Let's try to read the file as the foo user:
  foo@bar:~$ cat /tmp/test
  FOOBAR
  foo@bar:~$

  Success.

  According to the documentation (man acl) user foo cannot access the file:
  "     2.   else if the effective user ID of the process matches the qualifier of any entry of type ACL_USER, then
                if the matching ACL_USER entry and the ACL_MASK entry contain the requested permissions, access is granted,
                else access is denied."

  If I change the mask entry to something else:
  root@bar:~# getfacl /tmp/test
  getfacl: Removing leading '/' from absolute path names
  # file: tmp/test
  # owner: root
  # group: root
  user::rw-
  user:foo:---
  group::r--                      #effective:---
  mask::-w-
            ^^^^^^
  other::r--

  the foo user cannot read the file:
  foo@bar:~$ cat /tmp/test
  cat: /tmp/test: Permission denied

  I tested with ext4 and tmpfs with the same result. I also tested on a
  Solaris 9 machine where the permissions work as expected.

  System info:
  Description:    Ubuntu 12.04.1 LTS
  Release:        12.04

  acl:
    Installed: 2.2.51-5ubuntu1
    Candidate: 2.2.51-5ubuntu1
    Version table:
   *** 2.2.51-5ubuntu1 0
          500 http://hu.archive.ubuntu.com/ubuntu/ precise/main i386 Packages
          100 /var/lib/dpkg/status

  Linux bar 3.2.0-29-generic-pae #46-Ubuntu SMP Fri Jul 27 17:25:43 UTC
  2012 i686 i686 i386 GNU/Linux

  Thank you for your time and I hope you can find the source of this issue.
  --- 
  ApportVersion: 2.0.1-0ubuntu13
  Architecture: i386
  DistroRelease: Ubuntu 12.04
  InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release i386 (20120423)
  Package: linux
  PackageArchitecture: i386
  ProcVersionSignature: Ubuntu 3.2.0-29.46-generic-pae 3.2.24
  Tags:  precise
  Uname: Linux 3.2.0-29-generic-pae i686
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/acl/+bug/1081502/+subscriptions
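
The access check that the report quotes from acl(5), as an added example (not part of the original report and not kernel or acl package code): a small Python evaluator for the documented algorithm, run over the two ACLs shown in the bug description. The function names and foo's group membership are assumptions made for illustration.

```python
# Added example: evaluator for the access check algorithm documented in acl(5).
# Names (parse_acl, access_allowed, foo_can_read) are illustrative only.
R, W, X = 4, 2, 1
BITS = {"r": R, "w": W, "x": X}

def parse_acl(text):
    """Turn getfacl short-form output into (tag, qualifier, perms) tuples."""
    acl = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drops "# file:" and "#effective:"
        if line:
            tag, qualifier, perms = line.split(":")
            acl.append((tag, qualifier, sum(BITS[c] for c in perms if c != "-")))
    return acl

def access_allowed(acl, owner, group, user, groups, want):
    """Apply acl(5) steps 1-5 for `user` (member of `groups`) requesting `want`."""
    entries = lambda tag: [(q, p) for t, q, p in acl if t == tag]
    has = lambda perms: perms & want == want
    mask = next((p for _, p in entries("mask")), None)
    if user == owner:                                   # 1. ACL_USER_OBJ
        return has(next(p for q, p in entries("user") if q == ""))
    named = [p for q, p in entries("user") if q == user]
    if named:                                           # 2. ACL_USER and ACL_MASK
        return has(named[0]) and mask is not None and has(mask)
    matched = [p for q, p in entries("group")
               if (q == "" and group in groups) or (q and q in groups)]
    if matched:                                         # 3. group class, masked
        return any(has(p) for p in matched) and (mask is None or has(mask))
    return has(next(p for _, p in entries("other")))    # 4./5. ACL_OTHER

# The two ACLs from the report (getfacl output, caret marker lines omitted).
NULL_MASK = """\
user::rw-
user:foo:---
group::r--                      #effective:---
mask::---
other::r--
"""
WRITE_MASK = NULL_MASK.replace("mask::---", "mask::-w-")

def foo_can_read(acl_text):
    # Assumption: foo is not the owner and belongs only to its own group "foo".
    return access_allowed(parse_acl(acl_text), "root", "root", "foo", {"foo"}, R)

if __name__ == "__main__":
    print("mask::---", foo_can_read(NULL_MASK))
    print("mask::-w-", foo_can_read(WRITE_MASK))
```

Under the documented algorithm foo is denied read access with either mask, because step 2 matches the user:foo:--- entry and never reaches other::r--. The first session in the report shows the kernel granting the read instead.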



