[PATCH#2][2nd REVIEW?] fake data io module for samba

Andrew Bartlett abartlet at samba.org
Mon Nov 3 14:12:47 MST 2014


On Mon, 2014-11-03 at 09:56 -0800, Jeremy Allison wrote:
> On Mon, Nov 03, 2014 at 01:49:05PM +0100, Peter Somogyi wrote:
> > > That means any read return is sending uninitialized allocated
> > > server memory contents out onto the wire.
> > >
> > > Now that might be OK, as this is a test module - but at the
> > > very least that needs to be documented I think.
> > 
> > Well, that's why I wrote already in the man page:
> > +        <para>This <command>fake_io</command> VFS module intercepts file
> > +        read/write calls and does nothing for read (no operation, gives
> > +        back undefined data) ...
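
Review bot: "gives back undefined data" in the fake_io para understates what the thread describes. State outright that read replies carry uninitialized server memory contents to the client and that the module is for test setups only, in its own warning paragraph rather than inside a parenthesis.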
> > 
> > > That way you have to set:
> > >
> > >    "fake_io:expose server memory contents = true"
> > 
> > If it causes less security concerns, then OK let me add this. Or at least
> > enables measuring the memset penalty.
> > Will send the next patch soon.
> 
> Yeah, I think it's kind of necessary, I also
> might make the document warning much more
> explicit :-).
> 
> Remember, Samba had a "security" hole given
> publicity by having a UNIX client create
> a symlink on a remote system to /etc/passwd,
> and then report that when wide link restrictions
> were turned off that the server followed it !
> 
> (All of which was already documented of course :-).
> 
> I don't want to repeat that experience :-).

I'm really quite uncomfortable with having this, even with an option
set.  I would rather see it send zero or fixed data. 

What is the largest pread call we should have to return?  Even 16MB of
zeros allocated as static const in the module would not be an
unreasonable overhead for a testing module such as this.  

We also need this to be included in the test infrastructure.

The issue is, if we don't do that, and then we add the tests for the
module, we then have to go back and tell Coverity, valgrind et al that
this is legitimate, and that will keep on taking up developer resources
as we chase down the 'false' positives with each new tool.  

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
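
The difference between the two behaviours discussed in this thread, as an added example that is not code from the patch or from Samba: a read that does nothing leaves whatever was in the reply buffer, while a read served from a static const zero block overwrites it. The function names, the 64 KiB block size and the 'S' filler standing in for old heap contents are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define ZERO_BLOCK (64 * 1024)   /* assumed size; the thread floats up to 16MB */
static const unsigned char zero_block[ZERO_BLOCK];  /* static storage: all zeros */

typedef ssize_t (*reader_fn)(void *buf, size_t n);

/* Hypothetical no-op read: claims n bytes were read but never touches buf,
 * so the previous contents of the buffer are what gets sent. */
ssize_t fake_pread_noop(void *buf, size_t n)
{
    (void)buf;
    return (ssize_t)n;
}

/* Hypothetical fixed-data read: copies from the zero block in chunks, so a
 * request larger than the block is still fully overwritten. */
ssize_t fake_pread_zero(void *buf, size_t n)
{
    unsigned char *out = buf;
    size_t done = 0;

    while (done < n) {
        size_t chunk = n - done;
        if (chunk > ZERO_BLOCK)
            chunk = ZERO_BLOCK;
        memcpy(out + done, zero_block, chunk);
        done += chunk;
    }
    return (ssize_t)n;
}

/* Constructed check: pre-fill a reply buffer with 'S' (stand-in for stale
 * server memory), run the reader, count bytes that would leak unchanged. */
size_t stale_bytes_after(reader_fn reader, size_t n)
{
    static unsigned char reply[3 * ZERO_BLOCK];
    size_t i, stale = 0;

    if (n > sizeof(reply))
        n = sizeof(reply);
    memset(reply, 'S', sizeof(reply));
    if (reader(reply, n) != (ssize_t)n)
        return (size_t)-1;
    for (i = 0; i < n; i++)
        stale += (reply[i] != 0);
    return stale;
}

int main(void)
{
    printf("noop: %zu stale bytes, zero: %zu stale bytes\n",
           stale_bytes_after(fake_pread_noop, 100000),
           stale_bytes_after(fake_pread_zero, 100000));
    return 0;
}
```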





