lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 2 Sep 2015 22:38:34 +0200 From: Andreas Gruenbacher <agruenba@...hat.com> To: "J. Bruce Fields" <bfields@...ldses.org> Cc: Andreas Gruenbacher <andreas.gruenbacher@...il.com>, linux-kernel@...r.kernel.org, linux-fsdevel <linux-fsdevel@...r.kernel.org>, linux-nfs@...r.kernel.org, linux-api@...r.kernel.org, linux-cifs@...r.kernel.org, linux-security-module@...r.kernel.org Subject: Re: [RFC v6 08/40] richacl: Compute maximum file masks from an acl 2015-09-02 21:54 GMT+02:00 J. Bruce Fields <bfields@...ldses.org>: >> + richacl_for_each_entry_reverse(ace, acl) { >> + if (richace_is_inherit_only(ace)) >> + continue; >> + >> + if (richace_is_owner(ace) || >> + (richace_is_unix_user(ace) && >> + uid_eq(ace->e_id.uid, owner))) { >> + if (richace_is_allow(ace)) >> + acl->a_owner_mask |= ace->e_mask; >> + else if (richace_is_deny(ace)) >> + acl->a_owner_mask &= ~ace->e_mask; >> + } else if (richace_is_everyone(ace)) { >> + if (richace_is_allow(ace)) { >> + acl->a_owner_mask |= ace->e_mask; >> + acl->a_group_mask |= ace->e_mask & gmask; >> + acl->a_other_mask |= ace->e_mask; >> + } else if (richace_is_deny(ace)) { >> + acl->a_owner_mask &= ~ace->e_mask; >> + acl->a_group_mask &= ~ace->e_mask; >> + acl->a_other_mask &= ~ace->e_mask; >> + } >> + } else { >> + if (richace_is_allow(ace)) { >> + acl->a_owner_mask |= ace->e_mask & gmask; >> + acl->a_group_mask |= ace->e_mask & gmask; > > I think we do that because we don't (we can't) know whether the owner > might match this ace, so we assume that it will match, as that's what > gives us the maximum. Yes. > But on first glance this is a little counterintuitive and maybe worth a > comment. I agree. Thanks, Andreas -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists