CIFS Unix Extensions UIDs and client permission checking

Simo Sorce idra at samba.org
Sat Jul 17 22:37:42 GMT 2004


On Sat, 2004-07-17 at 18:40, Steve French wrote:

> Does this logic seem correct?  Obviously this could be improved somewhat 
> if the CIFS Unix/Linux extensions are extended - e.g. we optionally 
> could pass the client process's effective uid/gid to the server (so the 
> server had all of the info it needed to do the real permission check) 
> and if the server trusted the client and if signing were enabled (so the 
> uid/gid could not be changed on the wire by a man in the middle).

I would object to this behavior as default.
One of the biggest problems with NFS is the trust you need between
server and client. Trusting the client puts all your network at the same
security level. Compromising a single client will potentially allow you
to access any file on the server just by providing 0/0 as uid/gid (No,
denying the 0/0 access is not enough; other uids/gids may have access to
sensitive data anyway).

We could think of permitting such a behavior optionally but the best
thing would be to do a new Session Setup for each user accessing the
system.

Providing means to signal user space from the kernel when a new
user accesses a file system mounted by another would be a very nice
addition. That way a helper would be able to be called and the user
prompted for a username/password pair.

> Also - jra had talked about an interesting idea for a pipe based helper 
> mechanism that might assist with the uid translation.

I'm curious, any details?

Simo.
-- 
Simo Sorce    -  idra at samba.org
Samba Team    -  http://www.samba.org
Italian Site  -  http://samba.xsec.it
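
An added illustration of the argument in the message above, not code from the thread, Samba or the CIFS client: a toy Python model of a server that either believes the uid/gid sent with each request or binds identity to a per-user authenticated session. The `Server` class, its method names, the file path and the credentials are all constructed for this example.

```python
import secrets
from collections import namedtuple
Inode = namedtuple("Inode", "owner group mode")  # mode holds Unix permission bits

def may_read(uid, gid, inode):
    """Unix-style read check: owner bits, then group bits, then other."""
    if uid == 0:
        return True
    if uid == inode.owner:
        return bool(inode.mode & 0o400)
    if gid == inode.group:
        return bool(inode.mode & 0o040)
    return bool(inode.mode & 0o004)

class Server:
    def __init__(self, files, passwords, ids):
        self.files = files          # path -> Inode
        self.passwords = passwords  # user -> password (constructed sample data)
        self.ids = ids              # user -> (uid, gid), mapped on the server
        self.sessions = {}          # session token -> (uid, gid)

    def read_asserted(self, path, uid, gid):
        """Model A: believe the uid/gid in the request, with root squashed."""
        if uid == 0:
            uid, gid = 65534, 65534  # map root to an unprivileged id
        return may_read(uid, gid, self.files[path])

    def session_setup(self, user, password):
        """Model B: authenticate once per user; identity is fixed server-side."""
        stored = self.passwords.get(user)
        if stored is None or not secrets.compare_digest(stored, password):
            return None
        token = secrets.token_hex(16)
        self.sessions[token] = self.ids[user]
        return token

    def read_session(self, path, token):
        """Model B: uid/gid come from the session table, never the request."""
        if token not in self.sessions:
            return False
        return may_read(*self.sessions[token], self.files[path])

def demo(path="/home/bob/payroll"):
    """Constructed data: bob's 0600 file, and a client holding only alice's login."""
    srv = Server({path: Inode(1001, 1001, 0o600)}, {"alice": "a-pw", "bob": "b-pw"},
                 {"alice": (1000, 1000), "bob": (1001, 1001)})
    tok = srv.session_setup("alice", "a-pw")
    return (srv.read_asserted(path, 0, 0), srv.read_asserted(path, 1001, 1001),
            srv.read_session(path, tok))
```

`demo()` returns the read decision for an asserted 0/0, an asserted 1001/1001, and alice's session: squashing root blocks only the first, while the session model ignores any uid the client claims.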


