chdir and all that _with_privilege business
uri at samba.org
Tue Nov 10 08:42:09 UTC 2015
I can't quite understand the rationale behind the special treatment that
opens with backup intent receive.
I was trying to understand the contexts in which we call SMB_VFS_CHDIR
(as it somewhat complicates some VFS modules) and saw this case where
if files are opened with backup intent (or file find with backup intent
in SMB1) we do some checks differently, including chdir to the file's
parent and doing all the checks from there.
I could think of two possible reasons:
1. To prevent race conditions where one SMB request involves multiple
UNIX system calls - make sure all those calls reference the same file
system object - but in that case why is it limited to backup intent?
2. As a security measure, because with backup intent we run as root, but
I'm not quite sure what type of attacks this prevents, and also whether
in that case admin users (which run as root) should also be using this
type of checking.
Can someone clarify?
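
Added example, not part of the original post and not Samba's code: a sketch of the pattern the first hypothesis describes, where the process changes into the file's parent directory so that the pre-open check and the open itself reference the same file system object. The names open_from_parent and demo, the temporary directory and the symlink target are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not Samba code): open `base` from inside `parent` so
 * the checks and the open all refer to the same directory entry. */
int open_from_parent(const char *parent, const char *base)
{
    struct stat before, after;
    int fd = -1, saved = open(".", O_RDONLY | O_DIRECTORY);
    if (saved < 0) return -1;
    if (strchr(base, '/') || !strcmp(base, "..")) goto out; /* single component */
    if (chdir(parent) != 0) goto out;           /* pin the parent directory */
    if (lstat(base, &before) != 0 || S_ISLNK(before.st_mode)) goto out;
    fd = open(base, O_RDONLY | O_NOFOLLOW);     /* refuse a final symlink */
    if (fd >= 0 && (fstat(fd, &after) != 0 || after.st_dev != before.st_dev ||
                    after.st_ino != before.st_ino)) {
        close(fd);                              /* entry swapped between calls */
        fd = -1;
    }
out:
    if (fchdir(saved) != 0 && fd >= 0) { close(fd); fd = -1; }
    close(saved);
    return fd;
}

/* Constructed scenario: a directory with a regular file and a symlink that
 * points outside it. Returns 1 if the file opens and the symlink is refused. */
int demo(void)
{
    char dir[] = "/tmp/chdir_demo_XXXXXX", file[64], lnk[64];
    int fd, ok_fd, link_fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(file, sizeof(file), "%s/data.txt", dir);
    snprintf(lnk, sizeof(lnk), "%s/escape", dir);
    if ((fd = open(file, O_CREAT | O_WRONLY, 0600)) < 0) return -1;
    close(fd);
    if (symlink("/nonexistent/outside-target", lnk) != 0) return -1;
    ok_fd = open_from_parent(dir, "data.txt");
    link_fd = open_from_parent(dir, "escape");
    if (ok_fd >= 0) close(ok_fd);
    if (link_fd >= 0) close(link_fd);
    unlink(file); unlink(lnk); rmdir(dir);
    return ok_fd >= 0 && link_fd < 0;
}

int main(void) { printf("demo: %d\n", demo()); return 0; }
```

The same pinning can be done without touching the process-wide working directory by holding a directory file descriptor and using openat() and fstatat() against it.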