[cifs-protocol] [Pfif] SMB1 Trans2SetPathInfo() FileEndOfFileInformation is not enforcing share modes
Bill Wesse
billwe at microsoft.com
Tue Dec 8 08:57:17 MST 2009
I agree - truncating a file beneath an unshared open is not a good thing to happen.
At this point, my goal is to document how the server works - and I am working on code to exercise the other information classes against SMB_INFO_PASSTHROUGH (one would hope, of course, that FileRenameInformation is rejected). Given the complexity of the SMB code, I will assume nothing.
Once done, I will raise the issue internally as appropriate.
Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL: +1(980) 776-8200
CELL: +1(704) 661-5438
FAX: +1(704) 665-9606
-----Original Message-----
From: Zachary Loafman [mailto:zachary.loafman at isilon.com]
Sent: Tuesday, December 08, 2009 9:27 AM
To: Bill Wesse; Tim Prouty
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: RE: [cifs-protocol] [Pfif] SMB1 Trans2SetPathInfo() FileEndOfFileInformation is not enforcing share modes
> -----Original Message-----
> From: cifs-protocol-bounces at cifs.org [mailto:cifs-protocol-
> bounces at cifs.org] On Behalf Of Bill Wesse
> Sent: Tuesday, December 08, 2009 6:08 AM
> To: Tim Prouty
> Cc: pfif at tridgell.net; cifs-protocol at samba.org
> Subject: Re: [cifs-protocol] [Pfif] SMB1 Trans2SetPathInfo()
> FileEndOfFileInformation is not enforcing share modes
>
> 3. Client 2 does a Trans2SetPathInfo() with the undocumented
> pass-through level that also allows setting the
> FileEndOfFileInformation (1020 / 0x3FC). The client specifies that
> it wants to extend the file size to 100. Interestingly, win7 and
> winXP will return NT_STATUS_SUCCESS and successfully extend the
> length of the file. This operation seems to be circumventing the
> share mode enforcement.
[...]
> #3 is correct behavior. Sending an SMB_COM_TRANSACTION2 request for
> SET_PATH_INFORMATION with SMB_INFO_PASSTHROUGH +
> FileEndOfFileInformation is
> functionally equivalent to a remote call to NtSetInformationFile.
Thanks for the information on what a Windows server does. You should
consider revisiting this decision, though, as it's a fairly serious data
integrity issue. It's not just the file extension case that you need to
consider - you're saying the client can *truncate* all of the data of
the file without any share mode lock enforcement.
...Zach
More information about the cifs-protocol
mailing list