2014-04-20 17:58 GMT+02:00 Alexander E. Patrakov <patrakov at gmail.com>: > I have prepared two conflicting patches and believe that applying any > of them will work around your bug (which is really in the CIFS server). > Please use your own judgement to pick one of the patches. > > My own preference would be: > [PATCH] Remove redundant check of directory permissions > > ...but this is rather risky from the security standpoint, so any > additional audit would be appreciated. > > -- > Alexander E. Patrakov > _______________________________________________ > pulseaudio-discuss mailing list > pulseaudio-discuss at lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/pulseaudio-discuss You are right ! With EXT4 ACLs the chmod command change the file mask to give access only to the owner. With CIFS the corresponding ACL entries are modified but the mask remain "rwx". But with one of there commands typed manually, pulseaudio works : -> setfacl -b .pulse && chmod 0700 .pulse -> setfacl -m m:--- .pulse I will send a question to the samba4 mailing list. We will see what they think about this problem. It difficult to me to say if PulseAudio need a fix. Is POSIX filesytem only support acceptable ? Maybe the best solution is to have a configuration variable that permit to disable the secure directory check. At that time, I fixed the problem by creating manually all the .pulse folders with pam_exec but it is not really a clean fix. That you very much for your work ! Baptiste.
