From: bugzilla-daemon@bugzilla.kernel.org
To: linux-ext4@vger.kernel.org
Subject: [Bug 15875] New: Add options to disable POSIX acl for ext2/ext3/ext4 file systems
Date: Thu, 29 Apr 2010 09:29:12 GMT [thread overview]
Message-ID: <bug-15875-13602@https.bugzilla.kernel.org/> (raw)
https://bugzilla.kernel.org/show_bug.cgi?id=15875
Summary: Add options to disable POSIX acl for ext2/ext3/ext4
file systems
Product: File System
Version: 2.5
Platform: All
OS/Version: Linux
Tree: Mainline
Status: NEW
Severity: enhancement
Priority: P1
Component: ext2
AssignedTo: fs_ext2@kernel-bugs.osdl.org
ReportedBy: t.artem@mailcity.com
Regression: No
VFAT becomes less of an option for many hardware producers and many of them
will be glad to embrace ext2/ext3/ext4 filesystems but they have an inherent
problem, they enforce POSIX ACLs.
So, imagine a situation when Peter who has UID=63555 (he's in a corporate
network and that's his real UID according to LDAP) formats his flash drive
using ext2/ext3/ext4 filesystem, then uses sudo to recursively chown the whole
filesystem for his own possession.
Now, Peter comes to a less savvy Alice who wasn't given root permissions on her
PC and she tries to open Peter's flash stick. Oops, Alice cannot open or read
any file on it. I can come up with ten other different scenarios when ACLs are
superfluous.
Taking this situation into consideration it becomes clear that ACL's for
removable storage is more a hassle than a security feature.
So, I strongly suggest implementing a flag which tells the kernel to disregard
all file/directory permissions on the aforementioned FS's.
--
Configure bugmail: https://bugzilla.kernel.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
next reply other threads:[~2010-04-30 17:31 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-04-29 9:29 bugzilla-daemon [this message]
2010-04-29 9:30 ` [Bug 15875] Add an option to disable file/directory permissions for ext2/ext3/ext4 file systems bugzilla-daemon
2010-04-29 9:47 ` bugzilla-daemon
2010-04-29 9:54 ` bugzilla-daemon
2010-04-29 9:56 ` bugzilla-daemon
2010-04-29 10:16 ` bugzilla-daemon
2010-04-29 11:11 ` bugzilla-daemon
2010-05-06 12:36 ` bugzilla-daemon
2010-05-07 7:09 ` bugzilla-daemon
2010-05-31 7:50 ` [Bug 15875] Add an option to disable file/directory permissions for ACL'ed " bugzilla-daemon
2010-05-31 7:55 ` bugzilla-daemon
2010-07-04 14:25 ` bugzilla-daemon
2010-11-04 12:04 ` bugzilla-daemon
2010-11-04 15:48 ` bugzilla-daemon
2011-08-18 15:03 ` Chris Lee
2010-11-04 15:48 ` [Bug 15875] Add an option to disable file/directory access controls for USB stick-type storage devices bugzilla-daemon
2010-11-09 20:41 ` bugzilla-daemon
2010-12-09 16:50 ` bugzilla-daemon
2011-01-16 18:04 ` bugzilla-daemon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-15875-13602@https.bugzilla.kernel.org/ \
--to=bugzilla-daemon@bugzilla.kernel.org \
--cc=linux-ext4@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.