Duplicate SMB file_ids leading to Windows client cache poisoning
Tom Talpey
tom at talpey.com
Fri Dec 10 21:37:23 UTC 2021
On 12/10/2021 4:23 PM, Christof Schmitt wrote:
> On Fri, Dec 10, 2021 at 04:04:09PM -0500, Tom Talpey via samba-technical wrote:
>> I believe the EXT, BTRFS, XFS and a few other Linux filesystems support
>> retrieving the generation number via ioctl(FS_IOC_GETVERSION). But I'm
>> not certain how universal this is. There being hundreds of file systems
>> in Linux...
>>
>> Could Samba perhaps insert a kernel module, or use the SMB client kmod,
>> to fetch this? It'd be ugly and will have security implications, so I
>> would not go into it lightly.
>
> I missed FS_IOC_GETVERSION. That might be an option, since that is at
> least supported on the most commonly used file systems (ext4, xfs,
> btrfs). And if the call fails, we could log a warning, that this setup
> might be unreliable for MacOS clients.
Looks like ZFS has its own idea, ZFS_IOC_OBJ_TO_STATS. But we could
cover the basics with a handful of tries.
What about packing the dev_t, ino_t and generation number all into
64 bits, without risking a collision? I think the dev_t is needed
unless the Samba server can guarantee the share always maps to
exactly the same one, which seems problematic.
Tom.
More information about the samba-technical
mailing list