[cifs-protocol] [MS-SMB2] allow read based on FILE_EXECUTE permission
Uri Simchoni
uri at samba.org
Sun Jul 31 17:44:45 UTC 2016
Hi,
This question concerns the right to read from a file opened with
FILE_EXECUTE but without FILE_READ_DATA in the desired access mask.
According to [MS-SMB2] section section 3.3.5.12, about how to process a
READ request:
If Open.GrantedAccess does not allow for FILE_READ_DATA, the request
MUST be failed with STATUS_ACCESS_DENIED.
However, testing against Windows Server 2012R2 shows that if
FILE_EXECUTE is granted instead of FILE_READ_DATA, the read is also
allowed (I suppose this has to do with running executables...)
The attached tcpdump packet trace demonstrates that - in packet 22, EOF
is returned instead of ACCESS_DENIED.
Can you please clarify?
Thanks,
Uri.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: t.pcap
Type: application/vnd.tcpdump.pcap
Size: 5090 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20160731/2f4be565/t.pcap>
More information about the cifs-protocol
mailing list