[lug] Is anyone using ACLs on Linux?

[Daniel Webb]

I have found 2 privilege escalation bugs in a week, and they are both quite
obvious.  The fact that they've been known for a least 6 months (someone
reported them on the Debian bug tracker but the package maintainer missed
them), makes me wonder if anyone at all is using ACLs.

It's making me a bit nervous to be using it on a production system, but I
don't really have a choice with what I'm doing.

On the positive side, the Debian package maintainer and the ACL utils author
are both working very quickly to fix the bugs.