BUG: Wide Links - does not work as documented
Cole, Timothy D.
timothy_d_cole at md.northgrum.com
Tue Apr 18 15:36:13 GMT 2000
> -----Original Message-----
> From: Cole, Timothy D.
> Sent: Tuesday, April 18, 2000 10:58
> To: Multiple recipients of list SAMBA-TECHNICAL
> Subject: RE: BUG: Wide Links - does not work as documented
>
> > -----Original Message-----
> > From: Jani Jaakkola [SMTP:jjaakkol at cs.helsinki.fi]
> > Sent: Thursday, April 13, 2000 15:05
> > To: Multiple recipients of list SAMBA-TECHNICAL
> > Subject: Re: BUG: Wide Links - does not work as documented
> >
> > On Thu, 13 Apr 2000, Jeremy Allison wrote:
> >
> > > Not at all portable I'm afraid.
> >
> > Right. So for systems which do not have O_NOFOLLOW:
> >
> > 1. lstat() the filename. If it is a symlink, return failure
> > 2. open the file (without O_NOFOLLOW)
> > 3. fstat() the filedescriptor returned by open.
> > 4. If the fstat() and lstat() did not agree (they did not point to same
> > inode), we had a race condition situation. Close the
> > already opened file and return failure.
> >
> What happens if you inadvertantly opened, say, /etc/passwd with
> O_TRUNCATE? By the time you do the fstat(), you're already SOL.
>
Actually /etc/password, was a bad example. Let's just say some file
outside the exported tree that the [remote] user shouldn't have write access
to but does... which contains some sort of valuable data.
[ of course, this raises the question as to why permissions weren't
set right in the first place ]
More information about the samba-technical
mailing list