[Samba] Security leak in map_nt_perms?

Jeremy Allison jra at samba.org
Wed Aug 27 21:29:38 GMT 2008

On Wed, Aug 27, 2008 at 11:15:20PM +0200, Abramo Bagnara wrote:
> Jeremy Allison ha scritto:
> > On Sat, Aug 16, 2008 at 09:42:51AM +0200, Abramo Bagnara wrote:
> >> This is exactly what I'd expect...
> > 
> > Hmmm, not what I'd expect :-). I'll have to check into the POSIX
> > mapping further, been a while since I wrote it. Are you checking
> > on a system with POSIX ACLs enabled or just straight POSIX permissions ?
> Any news?

No, haven't got to this yet. One more question, were you setting
the user or group ACE to '---' or an alternate user or group
ACE to '---' ?

> Are you willing to accept a patch that make samba to ignore request to
> allow FILE_{READ|WRITE}_{ATTRIBUTES|EA) when computing resulting Unix
> permission/ACL?

Not without examining this code thoroughly first, sorry.


More information about the samba mailing list