[Samba] Security leak in map_nt_perms?

Abramo Bagnara abramo.bagnara at gmail.com
Thu Aug 28 17:29:25 GMT 2008


Jeremy Allison wrote:
> On Wed, Aug 27, 2008 at 11:15:20PM +0200, Abramo Bagnara wrote:
>> Jeremy Allison wrote:
>>> On Sat, Aug 16, 2008 at 09:42:51AM +0200, Abramo Bagnara wrote:
>>>> This is exactly what I'd expect...
>>> Hmmm, not what I'd expect :-). I'll have to check into the POSIX
>>> mapping further, been a while since I wrote it. Are you checking
>>> on a system with POSIX ACLs enabled or just straight POSIX permissions ?
>> Any news?
> 
> No, haven't got to this yet. One more question, were you setting
> the user or group ACE to '---' or an alternate user or group
> ACE to '---' ?

Leaving only READ_CONTROL (ignored permission) for:

user: leads to r-- permission
group: leads to --- permission
others/Everyone: leads to --- permission
acl user: leads to --- permission
acl group: leads to --- permission

Leaving no permission for:

user: leads to r-- permission
group: leads to --- permission
others/Everyone: leads to --- permission
acl user: leads to ACL removal
acl group: leads to ACL removal

>> Are you willing to accept a patch that makes Samba ignore requests to
>> allow FILE_{READ|WRITE}_{ATTRIBUTES|EA} when computing the resulting Unix
>> permission/ACL?
> 
> Not without examining this code thoroughly first, sorry.

Please count on my collaboration for whatever you need.


