105938 – Kernel: ext2/ext3 ACL abuse (CAN-2005-2801)

Bug 105938 - Kernel: ext2/ext3 ACL abuse (CAN-2005-2801)

Summary: Kernel: ext2/ext3 ACL abuse (CAN-2005-2801)

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://acl.bestbits.at/pipermail/acl-...
Whiteboard:	[2.6 < 2.6.11]
Keywords:

Depends on:
Blocks:

Reported:	2005-09-14 02:45 UTC by Thierry Carrez (RETIRED)
Modified:	2005-11-26 08:26 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thierry Carrez (RETIRED) gentoo-dev

2005-09-14 02:45:12 UTC

From Ubuntu's latest :

A flaw was discovered in the handling of extended attributes on ext2
and ext3 file systems. Under certain condidions, this could prevent
the enforcement of Access Control Lists, which eventually could lead
to information disclosure, unauthorized program execution, or
unauthorized data modification. This does not affect the standard Unix
permissions. (CAN-2005-2801)

Comment 1 Tim Yamin (RETIRED) gentoo-dev

2005-11-26 08:26:06 UTC

Should be a non-issue as this was fixed in 2.6.11; we shouldn't have any 2.6
trees older than that.