[PATCHES] smbd: allow reading files when only FILE_EXECUTE access is granted

David Disseldorp ddiss at suse.de
Mon Aug 15 15:37:57 UTC 2016


Hi Uri,

Thanks for your thorough investigation here. The changes look sane, but
samba3.smb2.ioctl.compress_perms appears to be broken by
seltest: allow opening files with arbitrary rights in smb2.ioctl tests:
UNEXPECTED(failure): samba3.smb2.ioctl fs_specific.compress_perms(nt4_dc)
REASON: Exception: Exception: ../source4/torture/smb2/ioctl.c:2486: status was NT_STATUS_INVALID_PARAMETER, expected NT_STATUS_OK: FSCTL_GET_COMPRESSION

Cheers, David

On Sun, 14 Aug 2016 06:47:57 +0300, Uri Simchoni wrote:

...
> 6. Still in a third class, there's a mix. In the case of COPYCHUNK, the
> SMB2 server is doing the READ_DATA access check on source handle and
> WRITE/APPEND_DATA access check on dest handle, and if those pass, it
> calls ioctl (or whatever Windows equivalent). The ioctl opcode however,
> has bits that say if the handle must be readable, writable, or both - in
> COPYCHUNK it has to be both (ever wondered why the dest handle has to be
> readable? that's why) - so this check is done within the kernel and
> hence FILE_EXECUTE on the dest handle won't buy you COPYCHUNK rights.

I always figured the dest-must-be-readable behaviour was a mistake that
they attempted to fix with the addition of FSCTL_SRV_COPYCHUNK_WRITE :).



More information about the samba-technical mailing list