Duplicate SMB file_ids leading to Windows client cache poisoning
tom at talpey.com
Thu Dec 9 20:25:29 UTC 2021
On 12/9/2021 1:58 PM, Ralph Boehme wrote:
> Hi Tom,
> On 12/9/21 19:48, Tom Talpey wrote:
>> I really think you need a bulletproof mathematically correct
>> uniqueid generator here.
> Patches welcome. :)))
> I guess all we can get is an approximation.
But, the penalty for a collision is data corruption! It's unacceptable
to wing it.
Can't TDB help here? Stuff a number into the database and save it.
Increment it by one for each new fileid needed.
Carve out a hundred, or a thousand, so you don't have to do a
transaction every new handle. Increment that by the carveout for
the next call. 64 bits will last you forever, so you could even
use it across server restart.
Make it fancier, if monotonicity is too easily forged, or misused.
More information about the samba-technical