The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in
recursive (-R) mode, follow symbolic links even when the --physical (aka
-P) or -L option is specified, which might allow local users to modify the
ACL for arbitrary files or directories via a symlink attack.
sbeattie> hardy may not be needed, according to debian bug report the
sbeattie> issue may have introduced in 2.2.46.
Updated: 2016-01-26 17:34:58 UTC (commit 10507)