Quantcast

Lower-level-Access Checks - avoid duplicate access checks on open

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Lower-level-Access Checks - avoid duplicate access checks on open

Samba - samba-technical mailing list
Has anyone ever experimented with extending the syscalls (or adding
ioctls) for access() checking to allow access checks to be done once
rather than twice (in BOTH Samba and in the file system layer(s))?
Today access checks are done in the underlying fs and in Samba (e.g.
the se_file_access_checks that source3/smbd/open.c calls to check for
permissions on open/create).

Presumably access() could be tricked into passing more information -
but other than that are there other ways that have been explored to
disable all access checking and let lower levels do it?  If access
checks are simply disabled in Samba, presumably at least read/write
access flags (for data, not metadata) are already checkable, but
presumably you could never get delete permission right in the access
right without magic? Are there other obvious things which would fail?

--
Thanks,

Steve

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Lower-level-Access Checks - avoid duplicate access checks on open

Samba - samba-technical mailing list
On Sat, Apr 08, 2017 at 11:54:03PM -0500, Steve French via samba-technical wrote:

> Has anyone ever experimented with extending the syscalls (or adding
> ioctls) for access() checking to allow access checks to be done once
> rather than twice (in BOTH Samba and in the file system layer(s))?
> Today access checks are done in the underlying fs and in Samba (e.g.
> the se_file_access_checks that source3/smbd/open.c calls to check for
> permissions on open/create).
>
> Presumably access() could be tricked into passing more information -
> but other than that are there other ways that have been explored to
> disable all access checking and let lower levels do it?  If access
> checks are simply disabled in Samba, presumably at least read/write
> access flags (for data, not metadata) are already checkable, but
> presumably you could never get delete permission right in the access
> right without magic? Are there other obvious things which would fail?

I think that's a bad idea. Samba is designed to emulate exactly
a Windows SMB1/2/3 server, including evaluation of NT ACLs.

You'd need a kernel that 100% matches Windows semantics for
all operations to even get close. Maybe the Windows linux
kernel module might :-).

Loading...