[cifs-protocol] [Pfif] SMB1 Trans2SetPathInfo() FileEndOfFileInformation is not enforcing share modes

Bill Wesse billwe at microsoft.com
Tue Dec 8 08:57:17 MST 2009


I agree - truncating a file beneath an unshared open is not a good thing to happen.

At this point, my goal is to document how the server works - and I am working on code to exercise the other information classes against SMB_INFO_PASSTHROUGH (one would hope, of course, that FileRenameInformation is rejected). Given the complexity of the SMB code, I will assume nothing.

Once done, I will raise the issue internally as appropriate. 

Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL:  +1(980) 776-8200
CELL: +1(704) 661-5438
FAX:  +1(704) 665-9606


-----Original Message-----
From: Zachary Loafman [mailto:zachary.loafman at isilon.com] 
Sent: Tuesday, December 08, 2009 9:27 AM
To: Bill Wesse; Tim Prouty
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: RE: [cifs-protocol] [Pfif] SMB1 Trans2SetPathInfo() FileEndOfFileInformation is not enforcing share modes

> -----Original Message-----
> From: cifs-protocol-bounces at cifs.org [mailto:cifs-protocol-
> bounces at cifs.org] On Behalf Of Bill Wesse
> Sent: Tuesday, December 08, 2009 6:08 AM
> To: Tim Prouty
> Cc: pfif at tridgell.net; cifs-protocol at samba.org
> Subject: Re: [cifs-protocol] [Pfif] SMB1 Trans2SetPathInfo()
> FileEndOfFileInformation is not enforcing share modes
> 
> 3. Client 2 does a Trans2SetPathInfo() with the undocumented
>    pass-through level that also allows setting the
>    FileEndOfFileInformation (1020 / 0x3FC).  The client specifies that
>    it wants to extend the file size to 100.  Interestingly, win7 and
>    winXP will return NT_STATUS_SUCCESS and successfully extend the
>    length of the file.  This operation seems to be circumventing the
>    share mode enforcement.
[...] 
> #3 is correct behavior. Sending an SMB_COM_TRANSACTION2 request for
> SET_PATH_INFORMATION with SMB_INFO_PASSTHROUGH +
> FileEndOfFileInformation is
> functionally equivalent to a remote call to NtSetInformationFile.

Thanks for the information on what a Windows server does. You should
consider revisiting this decision, though, as it's a fairly serious data
integrity issue. It's not just the file extension case that you need to
consider - you're saying the client can *truncate* all of the data of
the file without any share mode lock enforcement.

...Zach
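
Added example, not part of the original thread and not Samba or Windows code: a small C model of the share-mode question discussed above, contrasting a path-based set of FileEndOfFileInformation at pass-through level 1020 with and without a share-mode check. The `file_model` structure, the function names, the 4096-byte file and the single open that shares nothing are constructed assumptions; the constants are the standard Windows/SMB values.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define FILE_SHARE_WRITE              0x00000002u
#define NT_STATUS_SUCCESS             0x00000000u
#define NT_STATUS_INVALID_INFO_CLASS  0xC0000003u
#define NT_STATUS_SHARING_VIOLATION   0xC0000043u
#define SMB_INFO_PASSTHROUGH          1000u
#define FILE_END_OF_FILE_INFORMATION  20u  /* 1000 + 20 = 1020 (0x3FC) */

/* Hypothetical model: a file plus the FILE_SHARE_* mask of each existing open. */
struct file_model {
    uint64_t eof;
    const uint32_t *share_access;
    size_t n_opens;
};

/* A size change writes data, so it conflicts with any open lacking FILE_SHARE_WRITE. */
static int write_conflicts(const struct file_model *f) {
    for (size_t i = 0; i < f->n_opens; i++)
        if (!(f->share_access[i] & FILE_SHARE_WRITE))
            return 1;
    return 0;
}

/* enforce = 0 models the behaviour reported in the thread (no share-mode check);
 * enforce = 1 treats the path-based request as an implicit open for write.
 * The model handles this one information level only. */
uint32_t set_path_eof(struct file_model *f, uint32_t level, uint64_t new_eof, int enforce) {
    if (level != SMB_INFO_PASSTHROUGH + FILE_END_OF_FILE_INFORMATION)
        return NT_STATUS_INVALID_INFO_CLASS;
    if (enforce && write_conflicts(f))
        return NT_STATUS_SHARING_VIOLATION;
    f->eof = new_eof;
    return NT_STATUS_SUCCESS;
}

int main(void) {
    const uint32_t opens[] = { 0 };            /* constructed: one open, shares nothing */
    struct file_model f = { 4096, opens, 1 };  /* constructed 4096-byte file */
    for (int enforce = 0; enforce <= 1; enforce++) {
        f.eof = 4096;
        uint32_t st = set_path_eof(&f, 1020, 100, enforce);
        printf("enforce=%d status=0x%08X eof=%llu\n", enforce, (unsigned)st,
               (unsigned long long)f.eof);
    }
    return 0;
}
```

An interoperability test against a real server can assert the same two outcomes: either the request fails with a sharing violation, or the file size changes beneath the unshared open.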


