[OpenAFS-devel] allocating "C" acl bit
Jeffrey Hutzelman
jhutz@cmu.edu
Thu, 31 Jan 2008 11:49:08 -0500
--On Thursday, January 31, 2008 11:24:23 AM -0500 Derrick Brashear
<shadow@gmail.com> wrote:
> The following small patch against OpenAFS 1.4.5 will allow users to
> change file ownership to another user with the chown command (System 5
> chown semantics). The reserved 'C' ACL entry (rlidwkaABCDEFGH) is used
> to control when this is permitted (set using the standard 'fs setacl'
> command).
>
> Is this something of general use or is this going to cause issues for
> people? Discussion?
There's some risk in allocating any of the uppercase ACL bits; we know some
of them have been used for various things in the past. I think it's time
we started thinking about how to safely extend the set of available bits
beyond 15 in a way that won't break interoperability with existing clients.

Your proposed patch also fails to implement an important part of SysV ACL
semantics, which is that changing the owner of a file causes its setuid bit
to be cleared. Without that behavior, this becomes a gaping security hole.
-- Jeff