[PATCH#2][2nd REVIEW?] fake data io module for samba

Jeremy Allison jra at samba.org
Mon Nov 3 10:56:39 MST 2014


On Mon, Nov 03, 2014 at 01:49:05PM +0100, Peter Somogyi wrote:
> > That means any read return is sending uninitialized allocated
> > server memory contents out onto the wire.
> >
> > Now that might be OK, as this is a test module - but at the
> > very least that needs to be documented I think.
> 
> Well, that's why I wrote already in the man page:
> +        <para>This <command>fake_io</command> VFS module intercepts file
> +        read/write calls and does nothing for read (no operation, gives
> +        back undefined data) ...
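Review bot: the wording "gives back undefined data" in this <para> does not tell an administrator that the bytes returned by a read are uninitialized server memory sent to the client, which is the concern raised earlier in this thread. State that in plain words in the man page text and set it apart as a warning instead of leaving it in a parenthesis, so that it is hard to overlook when the module is enabled.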
> 
> > That way you have to set:
> >
> >    "fake_io:expose server memory contents = true"
> 
> If it causes less security concerns, then OK let me add this. Or at least
> enables measuring the memset penalty.
> Will send the next patch soon.

Yeah, I think it's kind of necessary, I also
might make the document warning much more
explicit :-).

Remember, Samba had a "security" hole given
publicity by having a UNIX client create
a symlink on a remote system to /etc/passwd,
and then report that when wide link restrictions
were turned off that the server followed it !

(All of which was already documented of course :-).

I don't want to repeat that experience :-).

Jeremy.

