Evaluating Windows Security Descriptors.
Christopher R. Hertel
crh at ubiqx.mn.org
Wed Dec 19 20:52:00 GMT 2007
Thanks for this. The analysis, all of it, is quite helpful.
I am relying on the know-how of the folks here at Quantum. They've been
working on their distributed file system for a while, and some of the
developers have experience with Linux GFS (the Sistina product, now
maintained by Red Hat). You may recall that I co-presented on Samba running
on GFS a few years ago.
Anywhich, I'm here providing the CIFS know-how and they're providing the
distributed metadata know-how and we're working on filling in the grey area
in between. So I appreciate all of the feedback.
I'll be traveling for the next couple of days but I will try to keep up with
this conversation when time and location permit.
tridge at samba.org wrote:
> I am not as pessimistic about your plan as Volker is. It does need to
> be done very carefully, but I think that with careful design you may
> be able to make it secure.
> For example, the simple race Volker mentioned can be avoided as
> 1) before you open, you stat() and remember the device:inode
> 2) after you open, you fstat() and cross-check. If it's unchanged, then
> no symlink games were played. If it has changed then loop back to (1)
> and re-do all checks.
> 3) if the stat() showed the file didn't exist, then add O_EXCL
> 4) if you thought the file didn't exist, and O_EXCL causes an open
> failure, then loop back to (1)
> There are other races too, not just this simple one, but with some
> careful thought you may find you can beat them.
> Samba has had this style of race for years. We've worked around some
> of them, but not all. In your design these races become more critical,
> but don't give up completely. Try and think it through instead.
> Cheers, Tridge
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq
ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
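
The stat()/open()/fstat() procedure quoted above from tridge's reply, sketched in C as an added example that is not part of the original thread or Samba's own code. `checked_open`, `check_fn` and `MAX_TRIES` are hypothetical names, and dropping O_CREAT when the file already exists (so a vanished file is not silently recreated) is an assumption added here.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

#define MAX_TRIES 8 /* assumption: bound the retry loop */

/* Hypothetical hook for the caller's access checks; st is NULL if absent. */
typedef int (*check_fn)(const char *path, const struct stat *st);

/* Returns an fd, or -1 with errno set. Names here are illustrative. */
int checked_open(const char *path, int flags, mode_t mode, check_fn check)
{
    for (int i = 0; i < MAX_TRIES; i++) {
        struct stat before, after;
        int oflags = flags, exists, fd;

        /* (1) stat() and remember device:inode */
        exists = (stat(path, &before) == 0);
        if (!exists && errno != ENOENT)
            return -1;
        if (check && check(path, exists ? &before : NULL) != 0) {
            errno = EACCES;
            return -1;
        }
        if (exists) {
            if ((flags & O_CREAT) && (flags & O_EXCL)) { errno = EEXIST; return -1; }
            oflags &= ~(O_CREAT | O_EXCL); /* must not create a replacement */
        } else {
            if (!(flags & O_CREAT)) { errno = ENOENT; return -1; }
            oflags |= O_EXCL;              /* (3) we must be the creator */
        }
        fd = open(path, oflags, mode);
        if (fd < 0) {
            /* (4) state changed between stat() and open(): redo all checks */
            if (errno == (exists ? ENOENT : EEXIST))
                continue;
            return -1;
        }
        /* (2) fstat() and cross-check; a file we created needs no check */
        if (!exists || (fstat(fd, &after) == 0 &&
                        after.st_dev == before.st_dev &&
                        after.st_ino == before.st_ino))
            return fd;
        close(fd);
    }
    errno = EAGAIN; /* kept losing the race */
    return -1;
}
```

O_TRUNC takes effect inside open(), before the cross-check runs, so a caller that needs truncation should omit it and call ftruncate() on the returned descriptor instead.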