Date: Thu, 20 Aug 2020 18:01:14 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 248787] sysutils/openzfs incorrect permissions handling in openzfs port Message-ID: <bug-248787-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D248787 Bug ID: 248787 Summary: sysutils/openzfs incorrect permissions handling in openzfs port Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: freqlabs@FreeBSD.org Reporter: walker.aj325@gmail.com Flags: maintainer-feedback?(freqlabs@FreeBSD.org) Assignee: freqlabs@FreeBSD.org There are two critical permissions-related vulnerabilities in the FreeBSD p= ort of openzfs (not base ZFS): Issue 1: _________ Users are always granted permissions to cd into a directory. The check for whether execute is present on directories is a de-facto no-op. This cannot be mitigated without upgrading. Even setting an explicit "deny - execute" NFSv4 ACE will be bypassed. Issue 2: _________ All allow ACEs for the owner_group (group@) and regular groups (group:<foo>) are granted to the current user. This means that POSIX mode 770 is de-facto 777, and the below ACL is also de-facto 777 because the groupmember check for builtin_administrators returns True. root@TESTBOX[~]# getfacl testfile # file: testfile # owner: root # group: wheel group:builtin_administrators:rwxpDdaARWcCos:-------:allow --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-248787-7788>