Description of problem: http://lkml.org/lkml/2010/5/17/544 On btrfs, do the following ------------------ # su user1 # cd btrfs-part/ # touch aaa # getfacl aaa # file: aaa # owner: user1 # group: user1 user::rw- group::rw- other::r-- # su user2 # cd btrfs-part/ # setfacl -m u::rwx aaa # getfacl aaa # file: aaa # owner: user1 # group: user1 user::rwx <- successed to setfacl group::rw- other::r-- ------------------ but we should prohibit it that user2 changing user1's acl. In fact, on ext3 and other fs, a message occurs: setfacl: aaa: Operation not permitted Upstream commit: http://git.kernel.org/linus/2f26afba
Meanwhile, we should also include http://git.kernel.org/linus/731e3d1b.
Statement: Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not include support for Btrfs, a new copy on write filesystem.
kernel-2.6.33.6-147.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
kernel-2.6.32.16-141.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.