Evaluating Windows Security Descriptors.

Christopher R. Hertel crh at ubiqx.mn.org
Wed Dec 19 20:52:00 GMT 2007


Tridge,

Thanks for this.  The analysis, all of it, is quite helpful.

I am relying on the know-how of the folks here at Quantum.  They've been
working on their distributed file system for a while, and some of the
developers have experience with Linux GFS (the Sistina product, now
maintained by Red Hat).  You may recall that I co-presented on Samba running
on GFS a few years ago.

Anywhich, I'm here providing the CIFS know-how and they're providing the
distributed metadata know-how and we're working on filling in the grey area
in between.  So I appreciate all of the feedback.

I'll be traveling for the next couple of days but I will try to keep up with
this conversation when time and location permit.

Thanks!

Chris -)-----

tridge at samba.org wrote:
> Chris,
> 
> I am not as pessimistic about your plan as Volker is. It does need to
> be done very carefully, but I think that with careful design you may
> be able to make it secure.
> 
> For example, the simple race Volker mentioned can be avoided as
> follows:
> 
>  1) before you open, you stat() and remember the device:inode 
> 
>  2) after you open, you fstat() and cross-check. If it's unchanged, then
>  no symlink games were played. If it has changed then loop back to (1)
>  and re-do all checks.
> 
>  3) if the stat() showed the file didn't exist, then add O_EXCL
> 
>  4) if you thought the file didn't exist, and O_EXCL causes an open
>  failure, then loop back to (1)
> 
> There are other races too, not just this simple one, but with some
> careful thought you may find you can beat them.
> 
> Samba has had this style of race for years. We've worked around some
> of them, but not all. In your design these races become more critical,
> but don't give up completely. Try and think it through instead.
> 
> Cheers, Tridge

-- 
"Implementing CIFS - the Common Internet FileSystem"    ISBN: 013047116X
Samba Team -- http://www.samba.org/    -)-----     Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/  -)-----  ubiqx development, uninq
ubiqx Team -- http://www.ubiqx.org/    -)-----          crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/   -)-----             crh at ubiqx.org
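
The four steps quoted above, sketched in C as an added example that is not part of the original thread or of Samba's code. The names `checked_open` and `MAX_RETRIES`, the retry bound, and the choice to mask off O_TRUNC are assumptions made for the illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#define MAX_RETRIES 8   /* assumption: bound the retry loop */

/* Hypothetical helper for steps (1)-(4). Returns an fd, or -1 with errno set;
 * *created says whether this call created the file. O_TRUNC is masked off so
 * nothing is destroyed before the cross-check (ftruncate() afterwards). */
int checked_open(const char *path, int flags, mode_t mode, int *created)
{
    flags &= ~(O_CREAT | O_EXCL | O_TRUNC);
    for (int attempt = 0; attempt < MAX_RETRIES; attempt++) {
        struct stat before, after;
        int fd;
        if (stat(path, &before) != 0) {                 /* step 1 */
            if (errno != ENOENT) return -1;
            /* step 3: believed absent, so insist on creating it ourselves */
            fd = open(path, flags | O_CREAT | O_EXCL, mode);
            if (fd >= 0) { *created = 1; return fd; }
            if (errno == EEXIST) continue;              /* step 4 */
            return -1;
        }
        /* Access checks based on `before` belong here, before the open. */
        fd = open(path, flags);
        if (fd < 0) {
            if (errno == ENOENT) continue;              /* vanished: redo */
            return -1;
        }
        if (fstat(fd, &after) == 0 && after.st_dev == before.st_dev &&
            after.st_ino == before.st_ino) {
            *created = 0;
            return fd;                                  /* step 2: unchanged */
        }
        close(fd);                                      /* step 2: changed, loop */
    }
    errno = EAGAIN;                                     /* assumption: give up */
    return -1;
}

int main(int argc, char **argv)
{
    int created = 0;
    int fd = checked_open(argc > 1 ? argv[1] : "demo.tmp", O_RDWR, 0600, &created);
    if (fd < 0) { perror("checked_open"); return 1; }
    printf("fd=%d created=%d\n", fd, created);
    return close(fd);
}
```
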

