On Tue, Dec 28, 2010 at 11:15 PM, Greg Freemyer <greg.freemyer@xxxxxxxxx> wrote: > So ACLs are lost? I'm not sure. Since preserving them might not be easy I think it's likely they're lost in some cases. > That seems like a potentially bigger issue than loosing the owner/group info. > > And I assume if the owner changes, then the new owner has privileges > to modify ACLs he didn't have previously. > > So if I want to instigate a simple denial of service in a multi-user > environment, I edit a few key docs that I have privileges to edit. ÂBy > doing so I take ownership. ÂAs owner I Âchange the permissions and > ACLs so that no one but me can access them. > > Seems like a security hole to me. If you have write access you can clear the data as well, so effectively the difference is small. Olaf -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
