[Samba] Security leak in map_nt_perms?

Jeremy Allison jra at samba.org
Fri Aug 15 15:38:52 GMT 2008

On Fri, Aug 15, 2008 at 11:52:17AM +0200, Abramo Bagnara wrote:
> Sorry to show me dense, but I don't see the problem: the request to
> allow FILE_READ_ATTRIBUTES only would generate a 000 perms just as if
> map_nt_perms was called with only permissions not handled there.
> I'd say that to ask to allow FILE_READ_ATTRIBUTES only don't have to
> generate any ACE at all (as this request under an Unix permission model
> point of view don't give to user/group any further right).
> Could you explain how a possible conflict with a requested DENY ACE
> could happens?

Acl comes in to change this to FILE_READ_ATTRIBUTES. Samba has to map
this to '---' according to you. Oops. Instant deny ACL. Not what was


More information about the samba mailing list