[PATCH] s3: Allow stat call with capability in vfs_gpfs
Volker Lendecke
Volker.Lendecke at SerNet.DE
Mon Nov 25 22:29:55 MST 2013
On Fri, Nov 08, 2013 at 02:13:34PM -0700, Christof Schmitt wrote:
> From: Abhidnya Joshi <achirmul at in.ibm.com>
>
> stat call will not succeed if READ_ATTR (nfsv4 perm) is not allowed in
> GPFS but will succeed in NTFS.
To be honest, I don't like this. CAP_DAC_OVERRIDE is really
strong and this patch does not distinguish between the
READ_ATTR case you mention and general, legitimate EACCES
where we really don't have the access bits somewhere in the
path.
I'd feel better if you could open the directory part of the
file name in question without the capability and then only
do an fstatat with the cap. On older systems without fstatat
you might go the racy route and do a stat on "." within the
directory without the capability and only if that works do
the stat with the capability.
I'd also like to get some more comments here from people
with more security background.
Also, can you split up adding the OVERRIDE and using it in
the GPFS module into two patches?
Thanks,
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
More information about the samba-technical
mailing list