lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1267710262.2375.280.camel@localhost>
Date:	Thu, 04 Mar 2010 08:44:22 -0500
From:	simo <idra@...ba.org>
To:	Jon Severinsson <jon@...erinsson.net>
Cc:	linux-cifs-client@...ts.samba.org, linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [linux-cifs-client] [RFC PATCH] CIFS posix acl permission
 checking

On Thu, 2010-03-04 at 11:50 +0100, Jon Severinsson wrote:
> Hello
> 
> Early this weak I sent a patch implementing posix acl permission checking in 
> the linux cifs filesystem module. Unfortunately I only sent it to linux-fsdev 
> as I was unaware of the linux-cifs-client list. I later tried to submit it to 
> linux-cifs-client as well, but my message seems to have been lost in the 
> moderation queue, so I subscribed and am trying again.
> 
> I don't believe my patch is perfect, but I think it's a good start, and would 
> like some comments from more experienced cifs developers to be able to get it 
> into shape for inclusion in the kernel. 
> 
> I did get some comments from Matthew Wilcox at linux-fsdev, but unfortunately 
> he never followed up on my response, so I'm including some unresolved 
> questions I still have, as well as attaching the patch for further comments.

Hi Jon,
although you did a good job with the code itself, I have to say that I
think the approach is just wrong. Checking ACLs on the client is simply
the wrong way to go. It is just racy and it is not authoritative anyway.

It is like trying to look up a path using a cached directory listing and
then try to open by inode. It simply doesn't work, by the time you do
that, things may have been completely changed on the server.

And we are not counting the problem that with CIFS (and samba in
particular) the client have no way to know what are the real credentials
assigned to the session and that the client may have no idea what the
users and groups in the ACL are (if client and server do not use exactly
the same user database).

The right way is to let the server enforce ACLs, and use multisessions
mounts if multiple users are involved. Time would be better spent
working in that direction IMO.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo@...ba.org>
Principal Software Engineer at Red Hat, Inc. <simo@...hat.com>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ