[PATCH#2][2nd REVIEW?] fake data io module for samba

Jeremy Allison jra at samba.org
Mon Nov 3 10:56:39 MST 2014

On Mon, Nov 03, 2014 at 01:49:05PM +0100, Peter Somogyi wrote:
> > That means any read return is sending uninitialized allocated
> > server memory contents out onto the wire.
> >
> > Now that might be OK, as this is a test module - but at the
> > very least that needs to be documented I think.
> Well, that's why I wrote already in the man page:
> +        <para>This <command>fake_io</command> VFS module intercepts file
> +        read/write calls and does nothing for read (no operation, gives
> +        back undefined data) ...
> > That way you have to set:
> >
> >    "fake_io:expose server memory contents = true"
> If it causes less security concerns, then OK let me add this. Or at least
> enables measuring the memset penalty.
> Will send the next patch soon.

Yeah, I think it's kind of neccessary, I also
might make the document warning much more
explicit :-).

Remember, Samba had a "security" hole given
publicity by having a UNIX client create
a symlink on a remote system to /etc/passwd,
and then report that when wide link restrictions
were turned off that the server followed it !

(All of which was already documented of course :-).

I don't want to repeat that experience :-).


More information about the samba-technical mailing list