chdir and all that _with_privilege business

Uri Simchoni uri at
Tue Nov 10 08:42:09 UTC 2015


I can't quite understand the rationale behind the special treatment that 
opens with backup intent receive.

I was trying to understand the contexts in which we call SMB_VFS_CHDIR 
(as it somewhat complicates some VFS modules) and saw this  case where 
if files are opened with backup intent (or file find with backup intent 
in SMB1) we do some checks differently, including chdir to the file's 
parent and doing all the checks from there.

I could think of two possible reasons:
1. To prevent race conditions where one SMB request involves multiple 
UNIX system calls - make sure all those calls reference the same file 
system object - but in that case why is it limited to backup intent.
2. As a security measure, because with backup intent we run as root, but 
I'm not quite sure what type of attacks this prevents, and also whether 
in that case admin users (which run as root) should also be using this 
type of checking.

Can someone clarify?

More information about the samba-technical mailing list