From: Andreas Grünbacher
Subject: Re: [Acl-devel] Getting/setting default ACLs through file descriptors
Date: Wed, 28 Feb 2018 10:29:36 +0100

tl;dr need a way to get/set default ACLs using file descriptors.

I have a utility that can recursively apply one directory's default ACL
to its children. There's a security concern when doing that: if the
default ACL on "foo" grants an unprivileged user write access, then when
I descend and try to apply foo's ACL to "foo/bar", he has an opportunity
to replace "bar" with a symlink or hardlink.

To avoid that, I obtain a file descriptor (in a symlink-free manner)
and then immediately fstat it -- that's the best you can do to avoid
hard links. From then on, I use the fd instead of the path name.

This works great for ACL_TYPE_ACCESS lists, because I can use acl_get_fd
and acl_set_fd. But what if I want to propagate a default ACL from the
directory "foo" to the directory "foo/bar"? There doesn't seem to be a
way to do that safely. The acl*fd functions don't accept a type
argument, and always operate on the ACCESS list. For the default ACLs,
I'm forced to revert to acl_get_file and acl_set_file which take paths,
and the path can change its nature at any time.

Is there a reason for the discrepancy between acl*file and acl*fd? Any
hope of making them agree?
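
The procedure the message describes (symlink-free open, immediate fstat, fd-only use afterwards), written out in C as an added example that is not part of the original e-mail or of libacl. The function name `open_child_nofollow`, the link-count policy and the temp-directory tree are assumptions made for illustration; the code stops at the checked descriptor and makes no libacl calls.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `name` under the open directory `parentfd` without following a symlink,
 * then fstat the descriptor so the checks describe the object actually held.
 * Assumed policy: accept directories, and regular files with one link only. */
int open_child_nofollow(int parentfd, const char *name, struct stat *st)
{
    int fd = openat(parentfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;                      /* ELOOP on Linux: name is a symlink */
    if (fstat(fd, st) != 0) { close(fd); return -1; }
    if (!S_ISDIR(st->st_mode) && !(S_ISREG(st->st_mode) && st->st_nlink == 1)) {
        close(fd);                      /* extra hard link or special file */
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed tree in a temp dir: bar/ (dir), link -> bar, f with a second
 * hard link f2, g (plain file). Returns a bitmask of the names accepted. */
int demo_accepted_mask(void)
{
    char tmpl[] = "/tmp/aclfd-XXXXXX";
    const char *names[] = { "bar", "link", "f", "g" };
    struct stat st;
    int mask = 0;
    if (!mkdtemp(tmpl)) return -1;
    int dirfd = open(tmpl, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dirfd < 0) return -1;
    close(openat(dirfd, "f", O_CREAT | O_WRONLY, 0600));
    close(openat(dirfd, "g", O_CREAT | O_WRONLY, 0600));
    if (mkdirat(dirfd, "bar", 0700) || symlinkat("bar", dirfd, "link") ||
        linkat(dirfd, "f", dirfd, "f2", 0)) mask = -1;
    for (int i = 0; mask >= 0 && i < 4; i++) {
        int fd = open_child_nofollow(dirfd, names[i], &st);
        if (fd >= 0) { mask |= 1 << i; close(fd); }
    }
    for (int i = 0; i < 4; i++) unlinkat(dirfd, names[i], i ? 0 : AT_REMOVEDIR);
    unlinkat(dirfd, "f2", 0); close(dirfd); rmdir(tmpl);
    return mask;
}

int main(void) { printf("accepted mask: %d\n", demo_accepted_mask()); return 0; }
```

Only the directory and the singly linked file are accepted; the symlink fails at `openat` and the doubly linked file fails the `fstat` check.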