lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20240917205950.dvxvs6tghrffo336@pali>
Date: Tue, 17 Sep 2024 22:59:50 +0200
From: Pali Rohár <pali@...nel.org>
To: Jeremy Allison <jra@...ba.org>
Cc: ronnie sahlberg <ronniesahlberg@...il.com>,
	Steve French <sfrench@...ba.org>,
	Paulo Alcantara <pc@...guebit.com>, linux-cifs@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] cifs: Fix getting reparse points from server without WSL
 support

On Tuesday 17 September 2024 13:46:18 Jeremy Allison wrote:
> On Wed, Sep 18, 2024 at 06:44:39AM +1000, ronnie sahlberg wrote:
> > On Wed, 18 Sept 2024 at 06:37, Pali Rohár <pali@...nel.org> wrote:
> > > 
> > > Ok. But then I do not understand why Linux client parses and uses uid
> > > and gids which are sent over the wire. If you are saying that the SIDs
> > > must be the only source of truth then Linux client should rather ignore
> > > uid and gid values?
> > 
> > What I think Jeremy is refering to is that mixing uids and sids in the
> > protocol itself is
> > a protocol design mistake.
> > Because this means that some PDUs in the protocol operate on SIDs but
> > others operate on
> > UID/GIDs and this means there is great risk of mistakes and have the
> > sid<->uid mapping return
> > different results depending on the actual PDU.
> > 
> > Sometimes the sid<->uid mapping happens in the server, at other times
> > the mapping happens in the client
> > and it is very difficult to guarantee that the mapping is consistent
> > across PDUs in the protocol
> > as well as across different clients.
> 
> Thanks Ronnie. You said that much better than I did :-) :-).

Understood, thank you!

So based on this for me it looks like that for client it would be safer
to ignore uid an gid for reparse points and use only SIDs.

I hope that somebody will recheck that client code in wsl_to_fattr() function.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ