[PATCH] Apply ACLs even if acl list reading failed

Lubomir Kundrak lkundrak at redhat.com
Thu Mar 6 11:52:39 PST 2008


On Thu, 2008-03-06 at 19:50 +0100, Danny Kukawka wrote:
> On Wednesday, 5 March 2008, Lubomir Kundrak wrote:
> > List of applied ACLs can get corrupted, and that prevents hal-acl-tool
> > from ever touching it again and fixing it. Trivial fix attached.
> >
> > If that was due to a crash, etc, it is not valid any longer anyways. In
> > that case probably it would make sense to relocate /var/lib/hal/acl-list
> > into /var/run/hal, and let it be removed by operating system startup
> > scripts.
> 
> If you say the change is okay from the security POV, I committed it.

That had nothing to do with security. Problem was that I have seen a
report that a user's acl list got somehow corrupted (probably due to a
system crash or power outage or whatever). The run-specific data should
really not survive reboots -- in this case it prevented hal from ever
being able to parse the acl list again, though its contents were not
pertinent to the current run.

-- 
Lubomir Kundrak (Red Hat Security Response Team)


