The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in
recursive (-R) mode, follow symbolic links even when the --physical (aka
-P) or -L option is specified, which might allow local users to modify the
ACL for arbitrary files or directories via a symlink attack.
sbeattie> hardy may not be needed, according to debian bug report the
sbeattie> issue may have introduced in 2.2.46.
Updated: 2013-05-09 15:18:00 UTC (commit 6824)