[PATCH] Recent coverity changes added directory_create_or_exist() checks to many directories.

Andrew Bartlett abartlet at samba.org
Tue Dec 25 14:53:36 MST 2012


On Mon, 2012-12-24 at 08:58 +0100, Andreas Schneider wrote:
> On Saturday, December 22, 2012 10:22:50 Andrew Bartlett wrote:
> > On Fri, 2012-12-21 at 15:18 -0800, Jeremy Allison wrote:
> > > Fix to make "make test" work again in master, no matter what the umask.
> 
> Thanks for the fix.
> 
> > I'm not entirely happy with the original change (we should only enforce
> > directory permissions when not doing so would be a security disaster),
> > but for this change:
> 
> I think the question is if this function should enforce uid and permissions 
> at all, or if we should add an argument to disable enforcement.

The uid and permission checks are critical, for the original use case
around winbind (and similar) pipes.  These don't work or create security
issues if they are not owned by root, and for example the privileged
pipe should not be world-readable.  

Part of the reason for enforcing the permissions is to avoid users who
are having trouble with (e.g.) squid just setting the permissions to 777
and compromising the security of the whole server.

I think the admin can and should have more discretion on if the pid and
lock directories have broader or more restricted permissions. 

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
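
The distinction drawn in the message above (strict owner and permission checks for privileged pipe directories, discretion for pid and lock directories), as an added example that is not part of the original message and is not Samba's code. The name ensure_dir, its strict flag, the choice to treat the mode as a ceiling, and the umask handling are all assumptions of this sketch.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not Samba's function): create `path` if it is missing,
 * then optionally enforce ownership and a permission ceiling on it. */
static bool ensure_dir(const char *path, uid_t uid, mode_t mode, bool strict)
{
    struct stat st;
    mode_t old_umask = umask(0);      /* so mkdir() applies `mode` exactly */
    int rc = mkdir(path, mode);
    int saved_errno = errno;
    umask(old_umask);

    if (rc != 0 && saved_errno != EEXIST)
        return false;
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return false;                 /* lstat: a symlink is not accepted */
    if (!strict)
        return true;                  /* admin-discretion case: pid/lock dirs */
    if (st.st_uid != uid)
        return false;                 /* wrong owner */
    if ((st.st_mode & 0777 & ~mode) != 0)
        return false;                 /* broader than allowed, e.g. 0777 */
    return true;
}

int main(void)
{
    char base[] = "/tmp/dircheck-XXXXXX";   /* constructed scratch location */
    char dir[64];
    if (mkdtemp(base) == NULL)
        return 1;
    snprintf(dir, sizeof(dir), "%s/privileged", base);

    umask(077);                              /* restrictive caller umask */
    printf("create 0750, strict: %d\n", ensure_dir(dir, geteuid(), 0750, true));
    chmod(dir, 0777);                        /* the "just chmod 777" workaround */
    printf("after 0777, strict:  %d\n", ensure_dir(dir, geteuid(), 0750, true));
    printf("after 0777, lenient: %d\n", ensure_dir(dir, geteuid(), 0750, false));
    rmdir(dir);
    rmdir(base);
    return 0;
}
```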