Message-Id: <200807131634.m6DGYbXN060066@www.freebsd.org>
Date: Sun, 13 Jul 2008 16:34:37 GMT
From: Iustin Pop <iusty@k1024.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: acl_valid() has wrong checks
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         125575
>Category:       kern
>Synopsis:       acl_valid() has wrong checks
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    rwatson
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jul 13 16:40:02 UTC 2008
>Closed-Date:    Sun Feb 01 18:55:02 UTC 2009
>Last-Modified:  Sun Feb 01 18:55:02 UTC 2009
>Originator:     Iustin Pop
>Release:        7.0-release
>Organization:
>Environment:
>Description:
As described in http://lists.freebsd.org/pipermail/posix1e/2008-June/000491.html, acl_valid() checks that the ACL in question does not contain an ACL_USER with the same ID as the current user (and the same for ACL_GROUP).

The check is not consistent with the kernel's validity check, and the POSIX.1e specification does not say such a check should be made.

IMHO, the userland checks should be consistent with the kernel checks.

See also http://lists.freebsd.org/pipermail/posix1e/2008-July/000492.html

Thank you!
>How-To-Repeat:
Manually create an ACL and try to add an ACL with the current user ID to it, via acl_from_text, acl_create_entry, acl_set_tag_type, acl_set_qualifier; the acl_valid call on this ACL will fail.
>Fix:


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->analyzed 
State-Changed-By: rwatson 
State-Changed-When: Sun Jul 13 16:53:23 UTC 2008 
State-Changed-Why:  
I've reproduced this bug using libc on FreeBSD 7.0 and 8.x using 
Iustin's test program: 

#include <sys/types.h>
#include <sys/acl.h>
#include <stdio.h>
#include <unistd.h>

int main(void) {
    acl_t ma;
    acl_entry_t e;
    uid_t user = getuid();

    /* Start from a minimal ACL holding only the three required entries. */
    ma = acl_from_text("u::rw,g::r,o::-");
    if (ma == NULL) {
        perror("acl_from_text");
        return 1;
    }
    if (acl_valid(ma) == -1)
        perror("initial acl is not valid");

    /* Add an ACL_USER entry whose qualifier is the current uid. */
    if (acl_create_entry(&ma, &e) == -1)
        perror("acl_create_entry");
    if (acl_set_tag_type(e, ACL_USER) == -1)
        perror("acl_set_tag_type");
    if (acl_set_qualifier(e, &user) == -1)
        perror("acl_set_qualifier");

    /* Recompute the mask entry now that a named user entry exists. */
    if (acl_calc_mask(&ma) == -1)
        perror("acl_calc_mask");

    /* This is the call that fails on the affected libc. */
    if (acl_valid(ma) == -1)
        perror("modified acl is not valid");

    acl_free(ma);
    return 0;
}



Responsible-Changed-From-To: freebsd-bugs->rwatson 
Responsible-Changed-By: rwatson 
Responsible-Changed-When: Sun Jul 13 16:53:23 UTC 2008 
Responsible-Changed-Why:  
Grab ownership of this PR since I wrote the code in question. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=125575 
State-Changed-From-To: analyzed->patched 
State-Changed-By: rwatson 
State-Changed-When: Sun Jul 13 16:55:10 UTC 2008 
State-Changed-Why:  
I've updated libc to remove these checks: 

rwatson     2008-07-13 16:37:51 UTC 

FreeBSD src repository 

Modified files: 
lib/libc/posix1e     acl_support.c  
Log: 
SVN rev 180493 on 2008-07-13 16:37:51Z by rwatson 

The libc acl_valid(3) function validates the contents of a POSIX.1e ACL. 
This change removes the requirement that an ACL contain no ACL_USER 
entries with a uid the same as those of a file, or ACL_GROUP entries 
with a gid the same as those of a file.  This requirement is not in the 
specification, and not enforced by the kernel's ACL implementation. 

Reported by:    Iustin Pop <iusty at k1024 dot org> 
MFC after:      1 week 

Revision  Changes    Path 
1.15      +2 -8      src/lib/libc/posix1e/acl_support.c 

Please confirm that this fixes the problem for you, and I'll plan on MFC'ing 
the change to 6.x and 7.x in a week or two once the change has settled a bit. 

Thanks for the report! 



From: Robert Watson <rwatson@FreeBSD.org>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/125575: cvs commit: src/lib/libc/posix1e acl_support.c
 (fwd)
Date: Sun, 7 Sep 2008 00:56:41 +0100 (BST)

 No PR: field in the commit, so this didn't get mirrored to GNATS; forwarding 
 by hand.
 
 Date: Sun, 31 Aug 2008 12:56:03 +0000 (UTC)
 From: Robert Watson <rwatson@FreeBSD.org>
 To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
 Subject: cvs commit: src/lib/libc/posix1e acl_support.c
 
 rwatson     2008-08-31 12:56:03 UTC
 
    FreeBSD src repository
 
    Modified files:        (Branch: RELENG_7)
      lib/libc/posix1e     acl_support.c
    Log:
    SVN rev 182534 on 2008-08-31 12:56:03Z by rwatson
 
    Merge r180493 from head to stable/7:
 
      The libc acl_valid(3) function validates the contents of a POSIX.1e ACL.
      This change removes the requirement that an ACL contain no ACL_USER
      entries with a uid the same as those of a file, or ACL_GROUP entries
      with a gid the same as those of a file.  This requirement is not in the
      specification, and not enforced by the kernel's ACL implementation.
 
      Reported by:    Iustin Pop <iusty at k1024 dot org>
 
    Revision  Changes    Path
    1.14.2.1  +2 -8      src/lib/libc/posix1e/acl_support.c
State-Changed-From-To: patched->closed 
State-Changed-By: rwatson 
State-Changed-When: Sun Feb 1 18:54:11 UTC 2009 
State-Changed-Why:  
As the fix has been MFC'd and included in a release, go ahead and close the 
PR.  Thanks for the problem report, and please let me know if the problem 
recurs! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=125575 
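
The mismatch this PR describes, as an added example that is not FreeBSD's code and not part of the original report: a self-contained C model of the POSIX.1e validity rules (required entries exactly once, a mask once named entries exist, unique qualifiers), with a `strict` switch standing in for the extra check that was removed. The types, `acl_check`, `ref_uid`/`ref_gid` and the sample ACLs (uid 1001) are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of a POSIX.1e ACL; these are not FreeBSD's types. */
enum tag { USER_OBJ, USER, GROUP_OBJ, GROUP, MASK, OTHER };
struct entry { enum tag tag; unsigned id; };

/*
 * Returns 1 if the ACL is valid, 0 if not. With strict != 0 it also applies
 * a stand-in for the removed check: no USER entry may carry ref_uid and no
 * GROUP entry may carry ref_gid (hypothetical parameters).
 */
int acl_check(const struct entry *e, size_t n, int strict,
              unsigned ref_uid, unsigned ref_gid)
{
    int count[OTHER + 1] = { 0 };
    for (size_t i = 0; i < n; i++) {
        if ((unsigned)e[i].tag > OTHER)
            return 0;                       /* unknown tag type */
        count[e[i].tag]++;
        if (e[i].tag != USER && e[i].tag != GROUP)
            continue;
        for (size_t j = 0; j < i; j++)      /* qualifiers must be unique */
            if (e[j].tag == e[i].tag && e[j].id == e[i].id)
                return 0;
        if (strict && e[i].id == (e[i].tag == USER ? ref_uid : ref_gid))
            return 0;                       /* the extra, non-spec rule */
    }
    /* The three required entries must each appear exactly once. */
    if (count[USER_OBJ] != 1 || count[GROUP_OBJ] != 1 || count[OTHER] != 1)
        return 0;
    /* At most one mask, and one is mandatory once named entries exist. */
    if (count[MASK] > 1 || ((count[USER] || count[GROUP]) && !count[MASK]))
        return 0;
    return 1;
}

/* Constructed samples: an ACL shaped like the test program's final one,
 * and the same ACL without the mask entry. */
const struct entry with_mask[] = {
    { USER_OBJ, 0 }, { USER, 1001 }, { GROUP_OBJ, 0 }, { MASK, 0 }, { OTHER, 0 } };
const struct entry no_mask[] = {
    { USER_OBJ, 0 }, { USER, 1001 }, { GROUP_OBJ, 0 }, { OTHER, 0 } };

int main(void) {
    printf("spec rules:   %d\n", acl_check(with_mask, 5, 0, 1001, 1001));
    printf("strict rules: %d\n", acl_check(with_mask, 5, 1, 1001, 1001));
    return 0;
}
```

A validator that is stricter than the enforcement point rejects ACLs the system would accept, so tools that call it before applying an ACL fail on well-formed input.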
>Unformatted:
