[cifs-protocol] [MS-SMB2] allow read based on FILE_EXECUTE permission [116073114482785]
Obaid Farooqi
obaidf at microsoft.com
Sun Jul 31 22:41:48 UTC 2016
Hi Uri:
Thanks for contacting Microsoft. I have created a case to track this issue. A member of the open specifications team will be in touch soon.
Regards,
Obaid Farooqi
Escalation Engineer | Microsoft
Exceeding your expectations is my highest priority. If you would like to provide feedback on your case you may contact my manager at ramagane at Microsoft dot com
-----Original Message-----
From: Uri Simchoni [mailto:uri at samba.org]
Sent: Sunday, July 31, 2016 12:45 PM
To: Interoperability Documentation Help <dochelp at microsoft.com>
Cc: cifs-protocol at lists.samba.org
Subject: [MS-SMB2] allow read based on FILE_EXECUTE permission
Hi,
This question concerns the right to read from a file opened with FILE_EXECUTE but without FILE_READ_DATA in the desired access mask.
According to [MS-SMB2] section section 3.3.5.12, about how to process a READ request:
If Open.GrantedAccess does not allow for FILE_READ_DATA, the request MUST be failed with STATUS_ACCESS_DENIED.
However, testing against Windows Server 2012R2 shows that if FILE_EXECUTE is granted instead of FILE_READ_DATA, the read is also allowed (I suppose this has to do with running executables...)
The attached tcpdump packet trace demonstrates that - in packet 22, EOF is returned instead of ACCESS_DENIED.
Can you please clarify?
Thanks,
Uri.
More information about the cifs-protocol
mailing list