| To: | Jeremy Allison <jra@xxxxxxxxx> |
|---|---|
| Subject: | Re: Security issue - storing NTACL's in non-NT-security-namespace |
| From: | Dave Chinner <david@xxxxxxxxxxxxx> |
| Date: | Sat, 14 Dec 2013 10:20:00 +1100 |
| Cc: | "L.A. Walsh" <samba@xxxxxxxxx>, Christoph Hellwig <hch@xxxxxxxxxxxxx>, Samba Technical <samba-technical@xxxxxxxxxxxxxxx>, xfs-oss <xfs@xxxxxxxxxxx> |
| Delivered-to: | xfs@xxxxxxxxxxx |
| In-reply-to: | <20131213220848.GG1005@samba2> |
| References: | <52A96211.3050602@xxxxxxxxx> <20131212181315.GB20500@samba2> <52AAC7CC.8000802@xxxxxxxxx> <20131213105314.GA2117@xxxxxxxxxxxxx> <52AB7CDC.5040801@xxxxxxxxx> <20131213220848.GG1005@samba2> |
| User-agent: | Mutt/1.5.21 (2010-09-15) |
On Fri, Dec 13, 2013 at 02:08:48PM -0800, Jeremy Allison wrote: > On Fri, Dec 13, 2013 at 01:32:12PM -0800, L.A. Walsh wrote: > > Now NOTE: if I don't use "explicit action" (-a) in my copy: > > > > Ishtar:law/Documents> /usr/bin/cp testfile.txt testcopy.txt > > Ishtar:law/Documents> attr -l testcopy.txt > > Attribute "SGI_ACL_FILE" has a 76 byte value for testcopy.txt > > > > ONLY the root-namespace ACL is save -- the user and security > > attributes are striped. > > What is the namespace for SGI_ACL_FILE ? That's XFS's on-disk name for a posix ACL, which are kept the root namespace. It's a file ACL, not a default ACL (which are named SGI_ACL_DEFAULT), so it was placed there by the user after VFS allowed it to be created. Cheers, Dave. -- Dave Chinner david@xxxxxxxxxxxxx |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [RFC] Handling of reviewed patch series, Dave Chinner |
|---|---|
| Next by Date: | Re: [RFC] Handling of reviewed patch series, Dave Chinner |
| Previous by Thread: | Re: Security issue - storing NTACL's in non-NT-security-namespace, L.A. Walsh |
| Next by Thread: | Re: BTW - to xfs folk, 'security attr' doesn't seem very useful w/current copy policies, L.A. Walsh |
| Indexes: | [Date] [Thread] [Top] [All Lists] |