Code to hide inaccessible files/directories

Ph. Marek marek at bmlv.gv.at
Tue Apr 17 05:34:37 GMT 2001


>I asked about this ability a few weeks ago and the reply was basically
>that folks would be interested in seeing it happen. Well, the client
>insisted, so I've put together a hack that accomplishes it.
>The basic design requirement was that users would not see
>files/directories that they did not have at least read access to. This
>request came about because we were migrating from a Novell server, and
>this is apparently the default behaviour for Netware.
>This hack was implemented on a FreeBSD 4.2-STABLE box using samba 2.0.7,
>and it has been working predictably for about a week.
Well done!

>A few coding notes:
me too :-)

>1. I'm not too sure about the size of fullPath. 2048 seemed a value that
>wouldn't normally be exceeded, but I don't have any proof that it's a
>good size. It may be too large or too small (compared to system limits,
>of course) In the final analysis, it should be the same size as the max
>path size of the system it's running on.
How about a getcwd(), chdir() to the directory, loop, and chdir() back?
Thus one can avoid the pasting of filenames together. And getcwd() at least 
allows to check if a larger buffer is needed. (if the current directory of
samba is normally /, this can even be avoided - simple do chdir(), loop, 
chdir(/)).

>2. This a pretty much a hack. It should really be implemented as a
>config option, possibly with per-share capibilities. As it stands,
>modifying dir.c and recompiling turns this on for everything, period.

>3. The access() command is considered "a security hole that should never
>be used" by the BSD documentation. However, I can not see how access()
>is a security concern _in this particular implementation_, and nobody
>has been able to give me an example of how it could be. If using
>access() makes you nervious, you could replace it with open()-with a
>test for success. I didn't want to do this because of the potential
>performance hit. Also, I don't know whether or not access() is portable
>to other systems (such as Linux)
I don't know about this security hole. Do you have some documentation
about it?

>So, the upshot of the story is to replace the function OpenDir() in
>dir.c with the one shown below, recompile and you'll find that machines
>connected via samba will no longer be able to see files/directories
>listed that they do not have read rights to.
>(yes, I know I could have sent diffs, but this change was made *after*
>FreeBSD specific patches were applied to the samba source, and I don't
>know how that would affect a diff)
>
>Hope this is useful to people.
>-Bill
Thanks very much, Bill!

I'll try to test that.


Regards,

Phil







More information about the samba-technical mailing list