[PR PATCH] disable_openfile_inode_check
Jeremy Allison
jra at samba.org
Thu Dec 10 16:56:40 UTC 2015
On Thu, Dec 10, 2015 at 12:04:14PM +0100, Volker Lendecke wrote:
> On Thu, Dec 10, 2015 at 07:58:52AM +0000, github at samba.org wrote:
> > There is a new pull request by RG72 against master on the Samba Samba Github repository
> >
> > https://github.com/RG72/samba master
> > https://github.com/samba-team/samba/pull/44
> >
> > disable_openfile_inode_check
> > Add a option disable_openfile_inode_check.
> >
> > I use samba over overlayfs.
> > When users try to open file for write, they will get NT_STATUS_ACCESS_DENIED and file opens for read only.
> > Because open_file_ntcreate: file %s - dev/ino mismatch.
> >
> > With disable_openfile_inode_check = true, users can openfile for write.
> > I build a time machine of share, with overlayfs and hard links.
>
> Well, it very much seems the file system you have is really, really
> broken. It changes inode numbers on the fly as it pleases? That breaks
> quite some assumptions in Samba that lie pretty deep. None of the locking
> we do can work if inodes are just volatile floating values. Please do
> not use Samba on that file system, it will reliably destroy your data.
>
> With best regards,
Not only broken, but also really, really insecure ! Bonus :-).
Many apps depend on the idiom
stat(name,&st);
fd = open(name,..)
fstat(fd, &st1)
and then check that st.ino == st1.ino for security
purposes. That won't work on this filesystem either..
More information about the samba-technical
mailing list