Conflicts between access_check in [MS_DTYP].pdf and se_access_check in Samba

Richard Sharpe realrichardsharpe at gmail.com
Thu Mar 7 20:03:24 MST 2013


On Thu, Mar 7, 2013 at 11:14 AM, Jeremy Allison <jra at samba.org> wrote:
> On Thu, Mar 07, 2013 at 10:13:21AM -0800, Richard Sharpe wrote:
>>
>> OK, I have verified that Windows does it the way that section 2.5.4.1
>> of [MS-DTYP].pdf describes.
>>
>> This means that there will be cases where Samba will DENY access when
>> Windows would ALLOW access.
>>
>> This is not a security violation, I believe.
>>
>> I will try to work up a patch to fix this issue. I will likely create
>> a bug in bugzilla first.
>
> Sounds good to me. Thanks for doing the investigation on this!

Looking in the January, 2013 version of [MS-DTYP].PDF clarifies the
issues of SeSecurityPrivilege and SeTakeOwnershipPrivilege and further
clarifies OwnerRights but does not clarify the order in which
OwnerRights is evaluated, so I will have to create a few scenarios to
clarify that.

These tests should be turned into some more torture tests.


-- 
Regards,
Richard Sharpe
(What can dispel sorrow? Only Du Kang. --Cao Cao)

