[Samba] Security leak in map_nt_perms?
Abramo Bagnara
abramo.bagnara at gmail.com
Thu Aug 28 17:29:25 GMT 2008
Jeremy Allison ha scritto:
> On Wed, Aug 27, 2008 at 11:15:20PM +0200, Abramo Bagnara wrote:
>> Jeremy Allison ha scritto:
>>> On Sat, Aug 16, 2008 at 09:42:51AM +0200, Abramo Bagnara wrote:
>>>> This is exactly what I'd expect...
>>> Hmmm, not what I'd expect :-). I'll have to check into the POSIX
>>> mapping further, been a while since I wrote it. Are you checking
>>> on a system with POSIX ACLs enabled or just straight POSIX permissions ?
>> Any news?
>
> No, haven't got to this yet. One more question, were you setting
> the user or group ACE to '---' or an alternate user or group
> ACE to '---' ?
Leaving only READ_CONTROL (ignored permission) for:
user: lead to r-- permission
group: lead to --- permission
others/Everyone: lead to --- permission
acl user: lead to --- permission
acl group: lead to --- permission
Leaving no permission for:
user: lead to r-- permission
group: lead to --- permission
others/Everyone: lead to --- permission
acl user: lead to ACL removal
acl group: lead to ACL removal
>> Are you willing to accept a patch that make samba to ignore request to
>> > allow FILE_{READ|WRITE}_{ATTRIBUTES|EA) when computing resulting Unix
>> > permission/ACL?
>
> Not without examining this code thoroughly first, sorry.
Please count on my collaboration for whatever you need.
More information about the samba
mailing list