symlink owner question
Uri Simchoni
uri at samba.org
Thu Apr 27 04:46:54 UTC 2017
On 04/26/2017 09:28 PM, Scott Lovenberg via samba-technical wrote:
> william On Tue, Apr 25, 2017 at 2:10 PM, Uri Simchoni via
> samba-technical <samba-technical at lists.samba.org> wrote:
>> Hi,
>>
>> Can anyone think of a case where the owner of a symlink matters, that
>> is, suppose the user creates a symlink via SMB (POSIX extensions), and
>> the resulting link owned by the wrong user.
>>
>> We have such behavior if:
>> 1. The user is in "admin users" --> smbd runs as root and link owned by
>> root.
>> 2. "inherit owner" is enabled - the link has the creator's owner, not
>> the inherited owner.
>>
>> *if* it matters, I can't think of a way of reliably fixing it:
>> - lchown is a bit racy because the symlink may have been superseded with
>> something else.
>> - fchown - the only way I found for opening the symlink is using O_PATH,
>> and that doesn't support fchown (documented and experimentally verified).
>>
>> I have produced a failing test to demonstrate the issue (see attached),
>> but then got stuck with fixing it :(, so perhaps it's better to declare
>> it as a non-issue....
>>
>> Thoughts?
>> Uri.
>
> Here's an interesting case : DFS symlinks - are there any security
> implications (especially when the owning group is considered the owner
> in MS land)? Another thought - is it possible that a directory with
> the sticky bit set (or the ACL/XATTR equivalent bits for "Creator
> Owner") you get into a situation where you cannot modify or delete a
> file that you created because the ownership changed? Other than that,
> I'm drawing a blank on any side effects and those two are probably
> corner cases at best.
>
Thanks!
I don't really know the intricacies of DFS (and access control related
to it), but looks like you've flagged a corner usability case of
combining a symbolic link with owner inheritance - if someone sets up a
drop-box using "inherit owner" and also puts the sticky bit to make that
box kind of non-modify, he'll fail deleting symlinks?
Well, that really seems to be a definition of a corner case...
I can only rant about why I can't open the symlink for the purpose of
fchown - seems like an O_METADATA open flag or an O_SYMLINK flag could
be useful...
Uri.
More information about the samba-technical
mailing list