[Samba] Security leak in map_nt_perms?
Jeremy Allison
jra at samba.org
Fri Aug 15 15:38:52 GMT 2008
On Fri, Aug 15, 2008 at 11:52:17AM +0200, Abramo Bagnara wrote:
>
> Sorry to show me dense, but I don't see the problem: the request to
> allow FILE_READ_ATTRIBUTES only would generate a 000 perms just as if
> map_nt_perms was called with only permissions not handled there.
>
> I'd say that to ask to allow FILE_READ_ATTRIBUTES only doesn't have to
> generate any ACE at all (as this request, from a Unix permission model
> point of view, doesn't give the user/group any further right).
>
> Could you explain how a possible conflict with a requested DENY ACE
> could happen?

Existing file has FILE_READ_DATA|FILE_WRITE_DATA|FILE_READ_ATTRIBUTES.
ACL comes in to change this to FILE_READ_ATTRIBUTES. Samba has to map
this to '---' according to you. Oops. Instant deny ACL. Not what was
intended.

Jeremy.
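
The scenario in this message, as an added example that is not part of the original post and is not Samba's map_nt_perms: a simplified model showing why a '---' entry behaves as a deny under POSIX ACL evaluation while the same allow ACE on Windows does not. The function names, the group ACE for "staff" and the reduced access check (no owner, mask or other entries) are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdint.h>

/* Windows file access-mask bits (standard values). */
#define FILE_READ_DATA       0x0001u
#define FILE_WRITE_DATA      0x0002u
#define FILE_READ_ATTRIBUTES 0x0080u
#define PERM_R 4
#define PERM_W 2

/* Hypothetical mapper modelling the proposal in the thread: only the data
 * bits contribute to rwx; FILE_READ_ATTRIBUTES contributes nothing. */
int map_allow_mask(uint32_t mask)
{
    int perms = 0;
    if (mask & FILE_READ_DATA)  perms |= PERM_R;
    if (mask & FILE_WRITE_DATA) perms |= PERM_W;
    return perms;
}

/* Windows-style check with allow ACEs only: rights granted to every
 * matching SID (user and group) accumulate. */
int windows_can_read(uint32_t user_mask, uint32_t group_mask)
{
    return ((user_mask | group_mask) & FILE_READ_DATA) != 0;
}

/* POSIX-ACL-style check (simplified): a matching named-user entry is
 * final; the group entry is consulted only when no user entry exists. */
int posix_can_read(int has_user_entry, int user_perms, int group_perms)
{
    if (has_user_entry)
        return (user_perms & PERM_R) != 0;
    return (group_perms & PERM_R) != 0;
}

int main(void)
{
    uint32_t staff = FILE_READ_DATA | FILE_WRITE_DATA; /* constructed group ACE */
    uint32_t user  = FILE_READ_ATTRIBUTES;             /* the incoming ACE */
    int g = map_allow_mask(staff);

    printf("windows, allow ACEs accumulate: %d\n", windows_can_read(user, staff));
    printf("posix, user entry '---':        %d\n", posix_can_read(1, map_allow_mask(user), g));
    printf("posix, no user entry at all:    %d\n", posix_can_read(0, 0, g));
    return 0;
}
```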