[PATCH 1/2] Fix bug #9329 - Directory listing with SeBackup can crash smbd.

Jeremy Allison jra at samba.org
Mon Oct 29 15:22:14 MDT 2012


On Tue, Oct 30, 2012 at 08:17:09AM +1100, Andrew Bartlett wrote:
> On Mon, 2012-10-29 at 14:09 -0700, Jeremy Allison wrote:
> > On Tue, Oct 30, 2012 at 07:51:36AM +1100, Andrew Bartlett wrote:
> > > 
> > > I'm sorry, I should have made it clearer, I was still hoping to improve
> > > the patch with Jeremy.  I don't like walking back up the security stack
> > > like that, for something that it seems we can find out via a pointer
> > > de-reference.
> > 
> > No, we can't. Under the delete on close semantics the only
> > place this can be found is on the security stack.
> 
> Where in the delete on close path does it call get_current_nttok()?

It doesn't right now, but not doing it this way is leaving a
bear-trap for the unwary.

Imagine someone needs to override UNIX perms underneath this
codepath - we don't do this right now but I can't guarantee we
won't need to do this at some point - then we will have
get_current_nttok() back returning a NULL pointer, and
we'll crash again.

The way it is coded now is defensive programming, and
is usually considered best practice. Now we can guarantee
get_current_nttok() will always return a valid token (and
in fact the correct one for the context we should be examining
for Windows security checks).

This is much safer.

Jeremy
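
A toy model of the failure mode discussed in this message, as an added example that is not Samba's code and not from the thread: a frame pushed only to override UNIX credentials carries no NT token, so a getter that reads the top frame returns NULL while one that walks back up the stack does not. All names here (`sec_frame`, `push_frame`, `top_nttok_naive`, `top_nttok_walk`) are hypothetical, and taking the nearest frame that holds a token is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_DEPTH 8

/* Toy stand-in for a Windows security token (hypothetical, not Samba's struct). */
struct nt_token { int num_sids; };

/* One frame of a toy security context stack. A frame pushed only to
 * override UNIX credentials carries no NT token (nt_tok == NULL). */
struct sec_frame { unsigned uid; const struct nt_token *nt_tok; };

static struct sec_frame sec_stack[MAX_DEPTH];
static int sec_depth; /* number of frames in use */

/* Push a frame; returns 0 on success, -1 if the stack is full. */
int push_frame(unsigned uid, const struct nt_token *tok)
{
    if (sec_depth >= MAX_DEPTH) return -1;
    sec_stack[sec_depth].uid = uid;
    sec_stack[sec_depth].nt_tok = tok;
    sec_depth++;
    return 0;
}

void pop_frame(void) { if (sec_depth > 0) sec_depth--; }

/* Naive getter: reads the top frame only, so it is NULL under an override. */
const struct nt_token *top_nttok_naive(void)
{
    return sec_depth > 0 ? sec_stack[sec_depth - 1].nt_tok : NULL;
}

/* Defensive getter: walk back from the top to the nearest frame with a token. */
const struct nt_token *top_nttok_walk(void)
{
    for (int i = sec_depth - 1; i >= 0; i--)
        if (sec_stack[i].nt_tok != NULL) return sec_stack[i].nt_tok;
    return NULL; /* only when no frame on the stack ever carried a token */
}

int main(void)
{
    static const struct nt_token user_tok = { 3 }; /* constructed sample token */
    push_frame(1000, &user_tok); /* authenticated user context */
    push_frame(0, NULL);         /* UNIX-only override on top of it */
    printf("naive=%p walk=%p\n", (const void *)top_nttok_naive(), (const void *)top_nttok_walk());
    return 0;
}
```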

