[PATCH] s3: introduce new share parameter "open special files"

Simo simo at samba.org
Sat May 4 09:44:45 MDT 2013


On 05/04/2013 04:09 AM, Volker Lendecke wrote:
> On Fri, May 03, 2013 at 04:55:50PM -0400, Simo wrote:
>> On 05/03/2013 07:15 AM, Ralph Wuerthner wrote:
>>> Hi list,
>>>
>>> attached patch introduces a new share parameter "open special files" to control whether special files such as sockets, devices and FIFOs will be opened by the server or not. If set to "no", open requests to special files will fail with "access denied". Default value for "open special files" is "no".
>>>
>>> Access to special files imposes a security risk because it may, for example, allow remote clients raw access to local hard drives or kernel memory.
>>>
>>> Regards
>>>
>>> 	Ralph
>> Access to device files is already regulated via file system
>> permissions, why do we need an additional special option?
>> In what case is it ok to give a user access to a file locally but
>> artificially prevent that access via samba?
> It's in the same line as the "wide links" option. If you
> have a problem with links pointing out of your share file
> system, your permissions are not right either.
>

The wide links case is different. The reason why we need it is because 
of the difference in semantics between samba and NFS. In the NFS case 
the server returns the link as is so it points to a local file system 
item on the client. On samba we used to resolve it on the server instead.
So that is a legitimate difference in semantics for which I can see the 
value in an option.

For actual file permissions I do not see it, given you already have 3 
better options:
1. do not give root access to device files
2. mount with nodev
3. Use SELinux to prevent access to device files.

Simo.

-- 
Simo Sorce
Samba Team Member <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
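As an added illustration (not part of the thread and not Samba's code), the Python below sketches the two sides of the discussion: a server-side check in the spirit of the proposed "open special files = no" parameter, which refuses sockets, devices and FIFOs with EACCES, and an audit for Simo's alternative of relying on the filesystem, namely listing the special files a share tree actually contains and checking whether the backing mount carries nodev. All function names are mine, the `open_special_files` flag only mirrors the proposed parameter and is not Samba's implementation, and the /proc/mounts excerpt is constructed for the example.

```python
import errno
import os
import shutil
import stat
import tempfile

# st_mode file types that the proposed parameter treats as "special".
SPECIAL_TYPES = {
    stat.S_IFCHR: "char device",
    stat.S_IFBLK: "block device",
    stat.S_IFIFO: "fifo",
    stat.S_IFSOCK: "socket",
}


def special_kind(st_mode):
    """Special-file kind for an st_mode, or None for regular files,
    directories and symlinks."""
    return SPECIAL_TYPES.get(stat.S_IFMT(st_mode))


def check_open(path, open_special_files=False):
    """Emulate the proposed server-side check at open time (hypothetical,
    not Samba's code). Returns 0 when the open may proceed, -EACCES when the
    target is special and the option is off, or the stat() error otherwise.
    os.stat follows symlinks, so a link into /dev is judged by its target,
    as open(2) would see it."""
    try:
        st = os.stat(path)
    except OSError as e:
        return -e.errno
    if not open_special_files and special_kind(st.st_mode) is not None:
        return -errno.EACCES
    return 0


def find_special_files(share_root):
    """Walk a share tree and list (relative path, kind) for every special
    file in it. lstat never opens the object, so a fifo cannot block us."""
    found = []
    for dirpath, _dirs, names in os.walk(share_root):
        for name in names:  # os.walk lists all non-directories here
            p = os.path.join(dirpath, name)
            kind = special_kind(os.lstat(p).st_mode)
            if kind is not None:
                found.append((os.path.relpath(p, share_root), kind))
    return sorted(found)


def mount_for_path(path, mounts_text):
    """Pick the /proc/mounts entry with the longest mount-point prefix of
    path. Returns (mountpoint, set of options) or None. Octal escapes such
    as \\040 in mount points are not decoded here."""
    path = os.path.abspath(path)
    best = None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mnt, opts = fields[1], set(fields[3].split(","))
        if path == mnt or path.startswith(mnt.rstrip("/") + "/"):
            if best is None or len(mnt) > len(best[0]):
                best = (mnt, opts)
    return best


def share_has_nodev(share_root, mounts_text):
    """True when the filesystem backing share_root is mounted nodev, so the
    kernel refuses device nodes on it no matter what the server does.
    nodev says nothing about fifos or sockets."""
    entry = mount_for_path(share_root, mounts_text)
    return entry is not None and "nodev" in entry[1]


# Constructed /proc/mounts excerpt for the example (not from a real host).
MOUNTS_SAMPLE = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /srv/samba ext4 rw,nosuid,nodev,relatime 0 0
/dev/sdb2 /srv/samba/scratch ext4 rw,relatime 0 0
"""


def demo():
    """Build a throwaway share with one regular file and one fifo, run the
    open check and the audit, and return the results."""
    root = tempfile.mkdtemp(prefix="share-")
    try:
        regular = os.path.join(root, "report.txt")
        with open(regular, "w") as f:
            f.write("hello\n")
        fifo = os.path.join(root, "pipe")
        os.mkfifo(fifo)
        return {
            "regular_default": check_open(regular),
            "fifo_default": check_open(fifo),
            "fifo_opt_yes": check_open(fifo, open_special_files=True),
            "missing": check_open(os.path.join(root, "nope")),
            "audit": find_special_files(root),
        }
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
    print("nodev:", share_has_nodev("/srv/samba/public", MOUNTS_SAMPLE))
```

One caveat worth keeping in mind when weighing the alternatives: a nodev mount only stops the kernel from honouring character and block device nodes; a FIFO or Unix socket sitting in the share is still opened normally, so of the three mitigations listed only permissions and an SELinux policy cover everything the proposed parameter would refuse.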