Security issue - storing NTACL's in non-NT-security-namespace
Dave Chinner
david at fromorbit.com
Fri Dec 13 16:20:00 MST 2013
On Fri, Dec 13, 2013 at 02:08:48PM -0800, Jeremy Allison wrote:
> On Fri, Dec 13, 2013 at 01:32:12PM -0800, L.A. Walsh wrote:
> > Now NOTE: if I don't use "explicit action" (-a) in my copy:
> >
> > Ishtar:law/Documents> /usr/bin/cp testfile.txt testcopy.txt
> > Ishtar:law/Documents> attr -l testcopy.txt
> > Attribute "SGI_ACL_FILE" has a 76 byte value for testcopy.txt
> >
> > ONLY the root-namespace ACL is save -- the user and security
> > attributes are striped.
>
> What is the namespace for SGI_ACL_FILE ?
That's XFS's on-disk name for a posix ACL, which are kept the root
namespace. It's a file ACL, not a default ACL (which are named
SGI_ACL_DEFAULT), so it was placed there by the user after VFS
allowed it to be created.
Cheers,
Dave.
--
Dave Chinner
david at fromorbit.com
More information about the samba-technical
mailing list