[PATCH 1/2] Fix bug #9329 - Directory listing with SeBackup can crash smbd.
jra at samba.org
Mon Oct 29 15:08:13 MDT 2012
On Tue, Oct 30, 2012 at 07:57:59AM +1100, Andrew Bartlett wrote:
> > But the second user may not have permissions to delete the
> > file - so inside the close code we take care of this by storing
> > the UNIX and Windows tokens with the open file when the first
> > close-with-delete comes in, and then using push_sec_ctx()/set_sec_ctx()
> > to take on the original users permissions before deleting
> > the file, followed by a pop_sec_ctx() when we're done.
> OK, can you point me at where we do this in the code?
Lines 1194 onwards in source/smbd/close.c
> So this doesn't happen right now, but could happen?
Yes. If we don't take care of this then adding a become_root()
unbecome_root() pair inside this code will cause the problem
to reoccur and crash.
> I would also prefer to move this to the conn, which is why the change as
> proposed (and now pushed) still doesn't sit right with me.
IMHO it is the correct and safest patch. I think Michael agrees
with me (we discussed this on IRC).
More information about the samba-technical