execute permissions in ACE not handled properly

Herb Lewis hlewis at panasas.com
Fri Nov 16 10:33:06 MST 2012


Running Samba 3.6.6 we copy cmd.exe from a windows box to the samba server
as administrator. Add an ACE for a user that grants all but execute 
permission.
Remove all other ACEs. Map share as the user and double click the file from
explorer to try and execute it. This fails against a windows server 
share and
succeeds against samba. An attempt is made to open the file with desired
permissions that include execute and windows returns access denied but
samba allows the open.

Samba calls se_access_check with with access_desired of 
MAXIMUM_ALLOWED_ACCESS
which returns an accessgranted that does not include the execute bit (0x20)
but I don't see any where that this is then checked against the original 
desired
access to then deny access.


More information about the samba-technical mailing list