On Sun, 7 Apr 2002, Andi Kleen wrote:
> On Sat, Apr 06, 2002 at 04:10:40PM -0900, Ethan Benson wrote:
> > On Sat, Apr 06, 2002 at 06:28:42PM +0200, Andreas Gruenbacher wrote:
> > > > 1) some sort of mount options to change xattr semantics, for example
> > >
> > > This does not address the real problem, and therefore makes no sense.
> >
> > I agree, I was mainly looking for options to let me close this hole as
> > fast as possible.
>
> I'm proposing this patch. As Andreas pointed out it doesn't make much sense
> to set ACLs on symlinks or special devices. I still allow it for root.

There seems to be some misunderstanding here. I was only talking about
extended attributes in the user namespace in my previous reply to Ethan. I
think that user EA's should be disallowed for symlinks and special files.

Which files shall have ACLs is specified in POSIX 1003.1e draft 17:
Symlinks don't have ACLs; all other files do. We have no security problem
with ACLs.

--Andreas.
------------------------------------------------------------------------
Andreas Gruenbacher, a.gruenbacher@xxxxxxxxxxxx
Contact information: http://www.bestbits.at/~ag/