[cifs-protocol] [Pfif] SMB1 Trans2SetPathInfo() FileEndOfFileInformation is not enforcing share modes

Zachary Loafman zachary.loafman at isilon.com
Tue Dec 8 07:27:16 MST 2009


> -----Original Message-----
> From: cifs-protocol-bounces at cifs.org [mailto:cifs-protocol-
> bounces at cifs.org] On Behalf Of Bill Wesse
> Sent: Tuesday, December 08, 2009 6:08 AM
> To: Tim Prouty
> Cc: pfif at tridgell.net; cifs-protocol at samba.org
> Subject: Re: [cifs-protocol] [Pfif] SMB1 Trans2SetPathInfo()
> FileEndOfFileInformation is not enforcing share modes
> 
> 3. Client 2 does a Trans2SetPathInfo() with the undocumented
>    pass-through level that also allows setting the
>    FileEndOfFileInformation (1020 / 0x3FC).  The client specifies that
>    it wants to extend the file size to 100.  Interestingly, win7 and
>    winXP will return NT_STATUS_SUCCESS and successfully extend the
>    length of the file.  This operation seems to be circumventing the
>    share mode enforcement.
[...] 
> #3 is correct behavior. Sending an SMB_COM_TRANSACTION2 request for
> SET_PATH_INFORMATION with SMB_INFO_PASSTHROUGH +
> FileEndOfFileInformation is
> functionally equivalent to a remote call to NtSetInformationFile.

Thanks for the information on what a Windows server does. You should
consider revisiting this decision, though, as it's a fairly serious data
integrity issue. It's not just the file extension case that you need to
consider - you're saying the client can *truncate* all of the data of
the file without any share mode lock enforcement.

...Zach


More information about the cifs-protocol mailing list