[Acl-devel] Getting/setting default ACLs through file descriptors
From: Michael Orlitzky
Subject: [Acl-devel] Getting/setting default ACLs through file descriptors
Date: Tue, 27 Feb 2018 12:32:04 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2

tl;dr need a way to get/set default ACLs using file descriptors.

I have a utility that can recursively apply one directory's default ACL
to its children. There's a security concern when doing that: if the
default ACL on "foo" grants an unprivileged user write access, then when
I descend and try to apply foo's ACL to "foo/bar", he has an opportunity
to replace "bar" with a symlink or hardlink.

To avoid that, I obtain a file descriptor (in a symlink-free manner)
and then immediately fstat it -- that's the best you can do to avoid
hard links. From then on, I use the fd instead of the path name.

This works great for ACL_TYPE_ACCESS lists, because I can use acl_get_fd
and acl_set_fd. But what if I want to propagate a default ACL from the
directory "foo" to the directory "foo/bar"? There doesn't seem to be a
way to do that safely. The acl*fd functions don't accept a type
argument, and always operate on the ACCESS list. For the default ACLs,
I'm forced to revert to acl_get_file and acl_set_file which take paths,
and the path can change its nature at any time.

Is there a reason for the discrepancy between acl*file and acl*fd? Any
hope of making them agree?
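
Added example (not part of the original message, and not code from the author's utility or from libacl): the symlink-free open followed by an immediate fstat that the message describes, written for Linux. The helper name safe_open_child and its errno choices are assumptions made for illustration; the descriptor it returns is the one that would then be passed to acl_get_fd and acl_set_fd.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open the single path component `name` inside the
 * already-open directory `parent_fd` without following a symlink, then vet
 * the opened object with fstat. Returns an fd, or -1 with errno set. */
int safe_open_child(int parent_fd, const char *name)
{
    struct stat st;
    int fd, saved;

    /* Only one component at a time: O_NOFOLLOW protects the last
     * component only, so "a/b" could still cross a symlink at "a". */
    if (name[0] == '\0' || strchr(name, '/') != NULL) {
        errno = EINVAL;
        return -1;
    }

    /* O_NOFOLLOW: fail (ELOOP on Linux) if `name` is a symlink.
     * O_NONBLOCK: do not hang if `name` was swapped for a FIFO. */
    fd = openat(parent_fd, name,
                O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_NOCTTY | O_CLOEXEC);
    if (fd < 0)
        return -1;

    /* Examine what was actually opened, not what the name refers to now. */
    if (fstat(fd, &st) != 0) {
        saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }

    if (S_ISDIR(st.st_mode))
        return fd;                 /* directories cannot be hard-linked */
    if (S_ISREG(st.st_mode) && st.st_nlink == 1)
        return fd;                 /* regular file with no other names */

    /* A link count above one means the inode has another name somewhere,
     * possibly a file outside the tree; anything else is a special file. */
    saved = S_ISREG(st.st_mode) ? EMLINK : EINVAL;
    close(fd);
    errno = saved;
    return -1;
}
```
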