* [Bug 14507] New: cifs ACL exec permission granted where it should be denied
@ 2020-09-21 10:42 samba-bugs
0 siblings, 0 replies; only message in thread
From: samba-bugs @ 2020-09-21 10:42 UTC (permalink / raw)
To: cifs-qa
https://bugzilla.samba.org/show_bug.cgi?id=14507
Bug ID: 14507
Summary: cifs ACL exec permission granted where it should be
denied
Product: CifsVFS
Version: 5.x
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5
Component: kernel fs
Assignee: sfrench@samba.org
Reporter: bjacke@samba.org
QA Contact: cifs-qa@samba.org
Target Milestone: ---
if the owner of a file has exec permission, then cifs vfs seems to generally
grants exec permission on files where ACL does not actually grant exec
permission.
Example:
bjacke@cifstest1:/mnt3/a$ getcifsacl test.txt
REVISION:0x1
CONTROL:0x8c04
OWNER:S-1-5-21-4207148185-4040488370-1588356217-500
GROUP:S-1-5-21-4207148185-4040488370-1588356217-513
ACL:S-1-5-21-4207148185-4040488370-1588356217-500:ALLOWED/I/FULL
ACL:S-1-5-21-4207148185-4040488370-1588356217-513:ALLOWED/I/R
ACL:BUILTIN\Users:ALLOWED/I/R
I'm connected with a user who is just in the Users group and I *can* execute
the test.txt file. This should not be allowed. Only Administrator
(S-1-5-21-4207148185-4040488370-1588356217-500) has execute permission
according to the ACL.
--
You are receiving this mail because:
You are the QA Contact for the bug.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2020-09-21 10:42 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-09-21 10:42 [Bug 14507] New: cifs ACL exec permission granted where it should be denied samba-bugs
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).