Vulnerability in OpenZFS that breaks permission handling on FreeBSD

A critical vulnerability (CVE-2020-24717) has been identified in the code added to OpenZFS to support FreeBSD; it leads to incorrect processing of access rights. The essence of the problem is that the rights set for the group were treated as the rights for the owner of the file. The problem is fixed in the OpenZFS 2.0.0-rc1 update. The fix has also been applied to the FreeBSD HEAD codebase, which has been moved to OpenZFS.

The issue was caused by all access control list entries (ACEs) set for the group owner (group@) and for normal groups (group:<name>) being delegated to the current user.
For example, access mode 0770 (write allowed only for group members) was treated as 0777 (write allowed for all users). A similar situation was observed with ACLs: for example, the following ACL became equivalent to 0777 rights, since the group membership check for builtin_administrators returns True.

# owner: root
# group: wheel
group:builtin_administrators:rwxpDdaARWcCos:-------:allow
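
A simplified model of the flaw described above, as an added example that is not OpenZFS code: the `faulty` flag stands for a group-membership check that always succeeds. The uid and gid values, including gid 5000 standing in for builtin_administrators, are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum { R = 4, W = 2, X = 1 };                        /* permission bits */
enum who { OWNER, GROUP_OWNER, NAMED_GROUP, EVERYONE };
struct ace  { enum who who; unsigned gid, mask; bool allow; };
struct cred { unsigned uid; const unsigned *gids; size_t ngids; };
struct file { unsigned uid, gid; const struct ace *acl; size_t nace; };

/* Group membership test; faulty=true models a check that always succeeds. */
static bool in_group(const struct cred *c, unsigned gid, bool faulty) {
    for (size_t i = 0; !faulty && i < c->ngids; i++)
        if (c->gids[i] == gid) return true;
    return faulty;
}

/* Walk the ACL in order: the first matching ACE decides each wanted bit. */
bool access_ok(const struct file *f, const struct cred *c, unsigned want, bool faulty) {
    for (size_t i = 0; i < f->nace && want; i++) {
        const struct ace *a = &f->acl[i];
        bool match = a->who == EVERYONE
            || (a->who == OWNER && c->uid == f->uid)
            || (a->who == GROUP_OWNER && in_group(c, f->gid, faulty))
            || (a->who == NAMED_GROUP && in_group(c, a->gid, faulty));
        if (!match) continue;
        if (!a->allow && (a->mask & want)) return false;  /* explicit deny */
        if (a->allow) want &= ~a->mask;                    /* bits granted */
    }
    return want == 0;            /* anything still undecided is refused */
}

/* Constructed sample data: file owned by root:wheel (0:0), caller 1001 is in no listed group. */
static const unsigned outsider_gids[] = { 1001 };
static const struct cred outsider = { 1001, outsider_gids, 1 };
static const struct ace mode_0770[] = { { OWNER, 0, R|W|X, true }, { GROUP_OWNER, 0, R|W|X, true } };
static const struct ace named_acl[] = { { NAMED_GROUP, 5000, R|W|X, true } };  /* assumed gid */

bool outsider_can_write(const struct ace *acl, size_t n, bool faulty) {
    struct file f = { 0, 0, acl, n };
    return access_ok(&f, &outsider, W, faulty);
}

int main(void) {
    printf("0770:  correct=%d faulty=%d\n", outsider_can_write(mode_0770, 2, false), outsider_can_write(mode_0770, 2, true));
    printf("named: correct=%d faulty=%d\n", outsider_can_write(named_acl, 1, false), outsider_can_write(named_acl, 1, true));
    return 0;
}
```

With a correct membership test the non-member is refused in both cases; with the faulty one both ACLs behave like 0777 for that caller.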

Another issue has also been identified in the FreeBSD port of OpenZFS: permission to change into a directory (cd) was granted regardless of the state of the execute permission flag for the directory. Entering the directory was possible even when it was explicitly prohibited through an ACL ("deny - execute").

Source: opennet.ru
