lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20240928140939.vjndryndfngzq7x4@pali>
Date: Sat, 28 Sep 2024 16:09:39 +0200
From: Pali Rohár <pali@...nel.org>
To: Steve French <sfrench@...ba.org>, Paulo Alcantara <pc@...guebit.com>
Cc: linux-cifs@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] cifs: Fix getting reparse points from server without WSL
 support

On Friday 13 September 2024 22:02:04 Pali Rohár wrote:
> If SMB server does not support WSL EAs then for SMB2_OP_QUERY_WSL_EA
> request it returns STATUS_EAS_NOT_SUPPORTED. Function smb2_compound_op()
> translates STATUS_EAS_NOT_SUPPORTED to -EOPNOTSUPP which cause failure
> during calling lstat() syscall from userspace on any reparse point,
> including Native SMB symlink (which does not use any EAs). This issue
> happen for example when trying to resolve Native NTFS symlink from SMB
> server on Windows 8.

Just for completeness, why this happens also on Windows server with NTFS
which supports both EAs and Reparse Points.

Older versions of Windows do not allow to set _both_ EAs and Reparse
point at the same time for one file. This is documented limitation of
NTFS. It looks like that this limitation was fixed in later Windows
versions where is running WSL.

So QUERY EA request for file which has already set reparse point ends
with STATUS_EAS_NOT_SUPPORTED error, even server supports EAs.

And similarly, FSCTL_SET_REPARSE_POINT call fails with error
STATUS_EAS_NOT_SUPPORTED when EAs are already set on the file. It is
rather cripple error for FSCTL_SET_REPARSE_POINT, but it is documented:
https://learn.microsoft.com/en-us/windows-hardware/drivers/ifs/fsctl-set-reparse-point

So Linux SMB client code should be extended to expect that compound
operation with: CREATE_with_EAs, FSCTL_SET_REPARSE_POINT, CLOSE will
fail on the FSCTL_SET_REPARSE_POINT with STATUS_EAS_NOT_SUPPORTED (even
EAs are correctly set by CREATE). And that QUERY_EA will fail on
STATUS_EAS_NOT_SUPPORTED even when EAs are supported by server.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ