[PATCH 1/2] Fix bug #9329 - Directory listing with SeBackup can
Jeremy Allison
jra at samba.org
Thu Oct 25 18:07:28 MDT 2012
Michael and Andrew,
Here is the fix for bug #9329 - Directory listing with SeBackup can crash smbd.
Please review and push to master.
Explaination follows:
-------------------------------------------------------------------
When we do a become_root()/unbecome_root() pair to temporarily
raise privilege, this NULLs out the NT token. If we're within
a become_root()/unbecome_root() pair then return the previous
token on the stack as our NT token. This is what we should be
using to check against NT ACLs in the file server. This copes
with security context changing when removing a file on close
under the context of another user (when 2 users have a file
open, one sets delete on close and then the other user has
to actually do the delete).
-------------------------------------------------------------------
I'm working on the regression test for this, but need to get an answer
as to how to add SeBackup privilege to the test user before being able
to push that, once I've done that this will be a follow-up patch.
Cheers,
Jeremy.
More information about the samba-technical
mailing list