execute permissions in ACE not handled properly
Herb Lewis
hlewis at panasas.com
Fri Nov 16 10:33:06 MST 2012
Running Samba 3.6.6 we copy cmd.exe from a windows box to the samba server
as administrator. Add an ACE for a user that grants all but execute
permission.
Remove all other ACEs. Map share as the user and double click the file from
explorer to try and execute it. This fails against a windows server
share and
succeeds against samba. An attempt is made to open the file with desired
permissions that include execute and windows returns access denied but
samba allows the open.
Samba calls se_access_check with with access_desired of
MAXIMUM_ALLOWED_ACCESS
which returns an accessgranted that does not include the execute bit (0x20)
but I don't see any where that this is then checked against the original
desired
access to then deny access.
More information about the samba-technical
mailing list