REVERT or FIX required (was: Re: [PATCH] Recent coverity changes added directory_create_or_exist() checks to many directories.)

Andrew Bartlett abartlet at samba.org
Tue Jan 8 15:05:01 MST 2013


Andreas,

I'm sorry to have to be blunt, but I need to get your attention about
the 'coverity' directory_create_or_exist() changes. 

I would, frankly at this point, like to ask that the changes be reverted
in the absence of a better solution. 

On Fri, 2012-12-28 at 20:42 +1100, Andrew Bartlett wrote:

> We have a particular issue with the state and lock directory permission
> enforcement this 'fix' brought.  Depending on the umask of the system
> involved, we now have a situation where Samba refuses to start due to
> the permissions on a directory that Samba itself created.  As I'm sure
> you appreciate, this is a nightmare for the upgrade case, were it to
> stay this way.
> 
> Why did we need these changes in the first place?  I'm inclined to
> suggest the Coverity report was a false positive for the system path
> case.   I've not seen the actual details however, but if somehow we did
> fail to create the directory, that we would just fail later when we
> decided to use that directory to hold a file. 
> 
> Either way, the current situation needs to be fixed as soon as folks are
> back on board after the holidays, and we need to stop enforcing
> permissions except where we did at the time of the 4.0 release. 
> 
> If we do want strict checking on the mkdir() (and so can't just revert),
> perhaps 'directory_create_or_exist() and
> directory_create_or_exist_perms()'?

This needs to be addressed as a matter of urgency, because it seems to
have been lost over the Christmas/New Year holidays. 

The problem is much more than just 'run make test with the right umask',
because an existing installation could have the same issue, depending on
the umask as the time of provision, these directories will have the
'wrong' permissions, and Samba as an AD DC will fail to start up. 

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org




More information about the samba-technical mailing list