DragonFlyBSD Kernel Audit
DF-0188

No defense-in-depth privilege check; acl_cnt not bounds-validated pre-VOP

Summary

The syscall layer performs no priv_check or ownership check; it relies on the nlookup search permissions and on the VOP. The acl_cnt value from the copyin (:74) is not clamped to [0, ACL_MAX_ENTRIES] before VOP_SETACL (:80), so a naive filesystem implementation could read out of bounds. Latent defense-in-depth issue.
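
The missing range check, as an added userland model that is not code from the audited tree. The struct layout, the value 32 for ACL_MAX_ENTRIES, and the names acl_cnt_check and setacl_model are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the kernel ACL types. The value 32 and the field
 * layout are assumptions for this model, not copied from the audited tree. */
#define ACL_MAX_ENTRIES 32
struct acl_entry { int ae_tag; unsigned ae_id; unsigned ae_perm; };
struct acl { int acl_cnt; struct acl_entry acl_entry[ACL_MAX_ENTRIES]; };

/* Hypothetical helper: the range check the finding says is absent between
 * the copyin and VOP_SETACL. Returns 0 when acl_cnt is safe to use. */
int acl_cnt_check(const struct acl *a)
{
    if (a == NULL)
        return EINVAL;
    if (a->acl_cnt < 0 || a->acl_cnt > ACL_MAX_ENTRIES)
        return EINVAL;
    return 0;
}

/* Model of a filesystem handler that uses acl_cnt as its loop bound.
 * Without the check, acl_cnt > ACL_MAX_ENTRIES indexes past acl_entry[]. */
int setacl_model(const struct acl *a, unsigned *perm_union)
{
    int error = acl_cnt_check(a);   /* validate before any entry is read */
    if (error != 0)
        return error;
    *perm_union = 0;
    for (int i = 0; i < a->acl_cnt; i++)
        *perm_union |= a->acl_entry[i].ae_perm;
    return 0;
}

int main(void)
{
    /* Constructed sample input standing in for a user-supplied ACL. */
    struct acl a = { .acl_cnt = 2,
                     .acl_entry = { { 1, 0, 4 }, { 2, 100, 2 } } };
    int counts[] = { 2, 0, ACL_MAX_ENTRIES, ACL_MAX_ENTRIES + 1, -1 };
    for (size_t i = 0; i < sizeof(counts) / sizeof(counts[0]); i++) {
        unsigned u = 0;
        a.acl_cnt = counts[i];
        printf("acl_cnt=%d -> %d\n", counts[i], setacl_model(&a, &u));
    }
    return 0;
}
```

Placing the check in the syscall layer means every filesystem's SETACL handler receives a count already within the array bounds, rather than each one having to validate it.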