Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 105938

Summary: Kernel: ext2/ext3 ACL abuse (CAN-2005-2801)
Product: Gentoo Security Reporter: Thierry Carrez (RETIRED) <koon>
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: minor CC: security-kernel
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://acl.bestbits.at/pipermail/acl-devel/2005-February/001848.html
Whiteboard: [2.6 < 2.6.11]
Package list:
Runtime testing required: ---

Description Thierry Carrez (RETIRED) gentoo-dev 2005-09-14 02:45:12 UTC 
From Ubuntu's latest :

A flaw was discovered in the handling of extended attributes on ext2
and ext3 file systems. Under certain condidions, this could prevent
the enforcement of Access Control Lists, which eventually could lead
to information disclosure, unauthorized program execution, or
unauthorized data modification. This does not affect the standard Unix
permissions. (CAN-2005-2801)
Comment 1 Tim Yamin (RETIRED) gentoo-dev 2005-11-26 08:26:06 UTC 
Should be a non-issue as this was fixed in 2.6.11; we shouldn't have any 2.6
trees older than that.