[Samba] 4.17.3 on debian: vfs_full_audit issues

Rowland Penny rpenny at samba.org
Sun Dec 11 15:38:34 UTC 2022

On 11/12/2022 14:59, Stefan G. Weichinger via samba wrote:
> Am 10.12.22 um 00:21 schrieb Jeremy Allison via samba:
>> On Sat, Dec 10, 2022 at 12:02:05AM +0300, Michael Tokarev wrote:
>>> of code in the patch :).
>>> The thing is that _some_ syscalls now have both ways, - eg open *and* 
>>> openat.
>>> (Sure it's okay to modify the manpage too).
>>> The PoC patch is attached (I haven't tried to even compile it yet).
>>> Is something like that okay? :)
>> Looks good, but doing a search on "AT," finds:
>> SMB_VFS_OP_CREATE_DFS_PATHAT -> map to "create_dfs_path"
>> SMB_VFS_OP_READ_DFS_PATHAT -> map to "read_dfs_path"
>> SMB_VFS_OP_FSTATAT -> map to "fstat" ?
>> SMB_VFS_OP_GET_REAL_FILENAME_AT -> map to "get_real_filename" ?
> Thanks all in the thread. I assume I can only wait for any updated 
> packages?

Not really, you just need to remove one operation 'rmdir', this doesn't 
seem to exist (not according to the manpage). You also need to add 'at' 
to three of the 'operations, you had:

full_audit:success = mkdir rmdir read pread write pwrite rename unlink

It needs to now be:

full_audit:success = mkdirat read pread write pwrite renameat unlinkat

The '*at' operations have replaced the earlier versions.


More information about the samba mailing list