Bug 266240 - ACL_READ_ATTRIBUTES denied has no effect on UFS
Summary: ACL_READ_ATTRIBUTES denied has no effect on UFS
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: CURRENT
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: freebsd-bugs (Nobody)
Reported: 2022-09-05 21:10 UTC by Alan Somers
Modified: 2022-09-06 02:48 UTC
Description Alan Somers freebsd_committer freebsd_triage 2022-09-05 21:10:45 UTC
Creating an NFSv4 ACL with an entry that denies ACL_READ_ATTRIBUTES ought to deny the user the ability to stat the file.  On ZFS, it does.  But on UFS, it has no effect.

Steps to Reproduce:

#! /bin/sh
# Create a 1 GB md(4)-backed UFS file system with NFSv4 ACLs enabled
truncate -s 1g /tmp/ufs.img
MD=`mdconfig -a -t vnode -f /tmp/ufs.img`
newfs $MD
tunefs -N enable /dev/$MD
sudo mount /dev/$MD /mnt
cd /mnt
touch foo
# Deny read_attributes ('a') on foo to user nobody
setfacl -a 0 user:nobody:------a-------:-------:deny foo
# stat(1) as nobody should now fail; on UFS it still succeeds
sudo -u nobody stat foo >/dev/null 2>&1
if [ $? -eq 0 ]; then
	echo -e "ERROR: user nobody can stat the file, despite being denied by ACL"
fi

# Clean up
cd /
umount /mnt
mdconfig -d -u $MD
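
An added audit helper, not part of the original report: it reads `getfacl` output and lists every deny entry that includes read_attributes, which is the kind of entry this report says has no effect on UFS. The function names and the sample ACL text are constructed for illustration, and the parser assumes the default `tag[:qualifier]:perms:flags:type` entry layout (no trailing numeric ID field).

```shell
#!/bin/sh
# Constructed sample input: getfacl-style output for three hypothetical files.
sample_getfacl_output() {
    cat <<'EOF'
# file: foo
# owner: root
# group: wheel
       user:nobody:------a-------:-------:deny
            owner@:rw-p--aARWcCos:-------:allow
         everyone@:r-----a-R-c--s:-------:allow
# file: bar
# owner: root
# group: wheel
          user:www:-w------------:-------:deny
         everyone@:r-----a-R-c--s:-------:allow
# file: baz
# owner: root
# group: wheel
         everyone@:read_data/read_attributes::deny
EOF
}

# Read getfacl output on stdin; print "<file><TAB><who>" for each deny
# entry whose permission field includes read_attributes.
deny_read_attr_entries() {
    awk -F: '
        /^# file:/ { file = $0; sub(/^# file:[ \t]*/, "", file); next }
        /^#/ || /^[ \t]*$/ { next }
        {
            gsub(/[ \t]/, "", $0)            # drop alignment padding, re-split
            if (NF < 4 || $NF != "deny") next
            perms = $(NF - 2)                # layout: ...:perms:flags:type
            who = (NF == 5) ? $1 ":" $2 : $1 # user:/group: carry a qualifier
            if (perms ~ /^[rwxpDdaARWcCos-]+$/)
                hit = (index(perms, "a") > 0)   # compact form, lowercase a
            else
                hit = (("/" perms "/") ~ /\/read_attributes\//) # long form
            if (hit) print file "\t" who
        }'
}

# Stand-alone run over the constructed sample.
sample_getfacl_output | deny_read_attr_entries
```

On a real system the input would be `getfacl` output for files on a UFS mount with NFSv4 ACLs enabled; any entry listed is one whose stat restriction should be verified rather than assumed.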