When CONFIG_EXT3_FS_POSIX_ACL is not defined, ext3_init_acl() is an
inline function in fs/ext3/acl.h which doesn't check if a file is a
symlink before applying umask. I've always liked my acls to be
available (so never noticed), but came across this recently when trying
to explain why RedHat Enterprise 3's BOOT kernel creates symlinks 755
during kickstart.
I'm *assuming* this is a bug (acl code treats symlinks specially): It
doesn't affect functionality, but those 755 symlinks can be noisy in
your security reporting :-)
Can anyone tell me if there's a good reason why umask *should* be
applied to symlink permissions? Otherwise I guess (for 2.6.9):
--- fs/ext3/acl.h 2004-12-07 08:15:07.859199829 +0000
+++ fs/ext3/acl.h.khy 2004-12-07 08:05:11.631931063 +0000
@@ -5,6 +5,7 @@
*/
#include <linux/xattr_acl.h>
+#include <linux/stat.h>
#define EXT3_ACL_VERSION 0x0001
#define EXT3_ACL_MAX_ENTRIES 32
@@ -79,7 +80,8 @@
static inline int
ext3_init_acl(handle_t *handle, struct inode *inode, struct inode *dir)
{
- inode->i_mode &= ~current->fs->umask;
+ if (!S_ISLNK(inode->i_mode))
+ inode->i_mode &= ~current->fs->umask;
return 0;
}
#endif /* CONFIG_EXT3_FS_POSIX_ACL */
_______________________________________________
Ext3-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/ext3-users
