DF-0188
No defense-in-depth privilege check in the syscall layer; acl_cnt not bounds-validated before the VOP call
Summary
The syscall layer performs no priv_check() or file-ownership check of its own; it relies entirely on the search permissions enforced by nlookup and on whatever check the filesystem's VOP does. The acl_cnt value copied in from userspace (:74) is not clamped to [0, ACL_MAX_ENTRIES] before the struct is handed to VOP_SETACL (:80), so a naive filesystem implementation that trusts acl_cnt when walking acl_entry[] could read past the end of the in-kernel copy. Latent; a defense-in-depth gap rather than a demonstrated vulnerability.
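Added illustration of the two missing checks, not the audited kernel's code: a simulated syscall path that does an owner-or-root check before the VOP and rejects an acl_cnt outside [0, ACL_MAX_ENTRIES] before the filesystem sees it. The struct layout mirrors the POSIX.1e struct acl used by the BSDs, but the ACL_MAX_ENTRIES value, the function names and the scenario inputs are assumptions made for this example.

```c
/* Added example, not the audited kernel's code. ACL_MAX_ENTRIES, the function
 * names and the constructed inputs below are assumptions for illustration. */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define ACL_MAX_ENTRIES 32          /* assumed limit for this illustration */

typedef int      acl_tag_t;
typedef uint32_t acl_perm_t;

struct acl_entry {
    acl_tag_t  ae_tag;
    uid_t      ae_id;
    acl_perm_t ae_perm;
};

/* Fixed-size in-kernel copy: copyin() always copies sizeof(struct acl),
 * so an oversized acl_cnt indexes past acl_entry[], not past the copy. */
struct acl {
    int              acl_cnt;
    struct acl_entry acl_entry[ACL_MAX_ENTRIES];
};

/* A "naive" VOP_SETACL: trusts acl_cnt and walks that many entries.
 * With acl_cnt > ACL_MAX_ENTRIES this loop reads out of bounds, which is
 * exactly why the syscall layer must validate the count first. */
static int
naive_vop_setacl(const struct acl *a, unsigned *perm_union)
{
    unsigned u = 0;
    for (int i = 0; i < a->acl_cnt; i++)
        u |= a->acl_entry[i].ae_perm;
    *perm_union = u;
    return 0;
}

/* Hardened syscall-layer path (assumed names): defense-in-depth ownership
 * check, copyin, then clamp acl_cnt before handing the struct to the VOP. */
static int
sys_acl_set_hardened(uid_t cred_uid, bool is_root, uid_t file_owner,
                     const struct acl *uacl, unsigned *perm_union)
{
    struct acl kacl;

    /* Don't rely solely on nlookup search perms plus the VOP's own check. */
    if (cred_uid != file_owner && !is_root)
        return EPERM;

    memcpy(&kacl, uacl, sizeof kacl);          /* stands in for copyin() */

    /* Bound the user-supplied count before any consumer can iterate on it. */
    if (kacl.acl_cnt < 0 || kacl.acl_cnt > ACL_MAX_ENTRIES)
        return EINVAL;

    return naive_vop_setacl(&kacl, perm_union);
}

/* Constructed user-side ACL: given count, one real entry carrying `perm`. */
static struct acl
make_user_acl(int cnt, acl_perm_t perm)
{
    struct acl a;
    memset(&a, 0, sizeof a);
    a.acl_cnt = cnt;
    a.acl_entry[0].ae_perm = perm;
    return a;
}

/* Scenario driver so outcomes can be checked: returns the syscall's errno
 * value (0 on success) and the permission union the VOP computed. */
int
run_scenario(int cnt, uid_t cred_uid, bool is_root, uid_t file_owner,
             unsigned *perm_union)
{
    struct acl u = make_user_acl(cnt, 0x4);    /* constructed input */
    *perm_union = 0;
    return sys_acl_set_hardened(cred_uid, is_root, file_owner, &u, perm_union);
}

int
main(void)
{
    unsigned p;
    printf("owner, cnt=1:        %d\n", run_scenario(1, 1000, false, 1000, &p));
    printf("owner, cnt=huge:     %d (EINVAL=%d)\n",
           run_scenario(ACL_MAX_ENTRIES + 1000, 1000, false, 1000, &p), EINVAL);
    printf("non-owner, cnt=1:    %d (EPERM=%d)\n",
           run_scenario(1, 1001, false, 1000, &p), EPERM);
    return 0;
}
```

The ownership test runs before the copyin so an unprivileged caller cannot even get the count check to fire, and the count is rejected rather than silently clamped, since a truncated ACL would quietly drop entries the caller asked for.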