[pulseaudio-discuss] Failed to create secure directory with ACL
Prunk Dump
prunkdump at gmail.com
Tue Apr 22 05:55:16 PDT 2014
2014-04-20 17:58 GMT+02:00 Alexander E. Patrakov <patrakov at gmail.com>:
> I have prepared two conflicting patches and believe that applying any
> of them will work around your bug (which is really in the CIFS server).
> Please use your own judgement to pick one of the patches.
>
> My own preference would be:
> [PATCH] Remove redundant check of directory permissions
>
> ...but this is rather risky from the security standpoint, so any
> additional audit would be appreciated.
>
> --
> Alexander E. Patrakov
> _______________________________________________
> pulseaudio-discuss mailing list
> pulseaudio-discuss at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/pulseaudio-discuss
You are right !
With EXT4 ACLs the chmod command change the file mask to give access
only to the owner.
With CIFS the corresponding ACL entries are modified but the mask
remain "rwx". But with one of there commands typed manually,
pulseaudio works :
-> setfacl -b .pulse && chmod 0700 .pulse
-> setfacl -m m:--- .pulse
I will send a question to the samba4 mailing list. We will see what
they think about this problem.
It difficult to me to say if PulseAudio need a fix. Is POSIX filesytem
only support acceptable ?
Maybe the best solution is to have a configuration variable that
permit to disable the secure directory check.
At that time, I fixed the problem by creating manually all the .pulse
folders with pam_exec but it is not really a clean fix.
That you very much for your work !
Baptiste.
More information about the pulseaudio-discuss
mailing list