[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

symlink permissions

When CONFIG_EXT3_FS_POSIX_ACL is not defined, ext3_init_acl() is an
inline function in fs/ext3/acl.h which doesn't check if a file is a
symlink before applying umask.  I've always liked my acls to be
available (so never noticed), but came across this recently when trying
to explain why RedHat Enterprise 3's BOOT kernel creates symlinks 755
during kickstart.

I'm *assuming* this is a bug (acl code treats symlinks specially): It
doesn't affect functionality, but those 755 symlinks can be noisy in
your security reporting :-)

Can anyone tell me if there's a good reason why umask *should* be
applied to symlink permissions?  Otherwise I guess (for 2.6.9):

--- fs/ext3/acl.h       2004-12-07 08:15:07.859199829 +0000
+++ fs/ext3/acl.h.khy   2004-12-07 08:05:11.631931063 +0000
@@ -5,6 +5,7 @@
 #include <linux/xattr_acl.h>
+#include <linux/stat.h>
 #define EXT3_ACL_VERSION       0x0001
 #define EXT3_ACL_MAX_ENTRIES   32
@@ -79,7 +80,8 @@
 static inline int
 ext3_init_acl(handle_t *handle, struct inode *inode, struct inode *dir)
-	inode->i_mode &= ~current->fs->umask;
+	if (!S_ISLNK(inode->i_mode))
+		inode->i_mode &= ~current->fs->umask;
 	return 0;
 #endif  /* CONFIG_EXT3_FS_POSIX_ACL */

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]