Bug 14507 - cifs ACL exec permission granted where it should be denied
Summary: cifs ACL exec permission granted where it should be denied
Status: NEW
Alias: None
Product: CifsVFS
Classification: Unclassified
Component: kernel fs (show other bugs)
Version: 5.x
Hardware: All All
: P5 major
Target Milestone: ---
Assignee: Steve French
QA Contact: cifs QA contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-09-21 10:42 UTC by Björn Jacke
Modified: 2020-09-21 10:42 UTC (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Björn Jacke 2020-09-21 10:42:34 UTC 
if the owner of a file has exec permission, then cifs vfs seems to generally grants exec permission on files where ACL does not actually grant exec permission.

Example:

bjacke@cifstest1:/mnt3/a$ getcifsacl test.txt 
REVISION:0x1
CONTROL:0x8c04
OWNER:S-1-5-21-4207148185-4040488370-1588356217-500
GROUP:S-1-5-21-4207148185-4040488370-1588356217-513
ACL:S-1-5-21-4207148185-4040488370-1588356217-500:ALLOWED/I/FULL
ACL:S-1-5-21-4207148185-4040488370-1588356217-513:ALLOWED/I/R
ACL:BUILTIN\Users:ALLOWED/I/R

I'm connected with a user who is just in the Users group and I *can* execute the test.txt file. This should not be allowed. Only Administrator (S-1-5-21-4207148185-4040488370-1588356217-500) has execute permission according to the ACL.