Bug 14759 - 4.15rc can leak meta-data about the directory containing the share path.
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services
Version: unspecified
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
Depends on: 14758
Reported: 2021-07-15 02:14 UTC by Jeremy Allison
Modified: 2021-08-09 13:45 UTC (History)

git-am fix for master. (3.39 KB, patch)
2021-07-15 04:43 UTC, Jeremy Allison
slow: review+
git-am cherry-pick for 4.15.rc2. (3.82 KB, patch)
2021-08-02 21:02 UTC, Jeremy Allison
metze: review+

Description Jeremy Allison 2021-07-15 02:14:39 UTC
This is a subtle one. In smbd_dirptr_get_entry() we now
open a pathref fsp on all entries - including "..".

If we're at the root of the share we don't want
a handle to the directory above it, so we should
silently open an fsp on "." for meta-data, but leave the
name returned to the client as "..".

Have patch, need bugnumber.
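
The substitution described in the report above, as an added C illustration that is not Samba code and not part of the bug thread. `listing_stat`, `dotdot_matches_self` and the `at_share_root` flag are hypothetical names, and a plain directory file descriptor stands in for smbd's pathref fsp.

```c
/* Added illustration, not Samba source; all names are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Fetch metadata for one entry of a directory listing. dirfd is a handle on
 * the directory being listed. When that directory is the share root and the
 * entry is "..", stat "." instead so the parent is never touched. The caller
 * still returns the entry to the client under the name "..".
 */
int listing_stat(int dirfd, const char *name, bool at_share_root,
                 struct stat *st)
{
    const char *target = name;
    if (at_share_root && strcmp(name, "..") == 0) {
        target = ".";
    }
    /* Describe the entry itself, never the target of a symlink. */
    return fstatat(dirfd, target, st, AT_SYMLINK_NOFOLLOW);
}

/* 1 if the ".." entry reports the listed directory's own identity, 0 if it
 * reports some other directory, -1 on error. */
int dotdot_matches_self(int dirfd, bool at_share_root)
{
    struct stat self, dotdot;
    if (fstat(dirfd, &self) != 0 ||
        listing_stat(dirfd, "..", at_share_root, &dotdot) != 0) {
        return -1;
    }
    return self.st_dev == dotdot.st_dev && self.st_ino == dotdot.st_ino;
}

int main(void)
{
    /* /tmp is a constructed stand-in for a share root. */
    int fd = open("/tmp", O_RDONLY | O_DIRECTORY);
    if (fd < 0) { perror("open"); return 1; }
    printf("treated as share root: %d\n", dotdot_matches_self(fd, true));
    printf("treated as subdir:     %d\n", dotdot_matches_self(fd, false));
    close(fd);
    return 0;
}
```

A test for this behaviour can compare the device and inode pair reported for ".." at the share root against the share directory's own pair, as `dotdot_matches_self` does.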
Comment 1 Jeremy Allison 2021-07-15 04:38:04 UTC
Hmmm. Thinking about it, we leak the same meta-data info for 4.14 and below also, we just used pathname functions to do it.

So it isn't really worse than what we already do. Still, I'd like to tighten it up for 4.15.
Comment 2 Jeremy Allison 2021-07-15 04:43:03 UTC
Created attachment 16681 [details]
git-am fix for master.

In ci as:

Comment 3 Jeremy Allison 2021-07-15 04:55:17 UTC
I would love a second opinion on whether this is something that needs fixing or not.

4.14 and below are currently doing pathname operations on ".." and returning the stat info and EA info for the ".." directory when a query directory is done on the root of the share (but the name cannot be opened by handle or pathname to actually read the contents of those EAs).

So in 4.15 we'll be doing the same thing, just by handle rather than pathname. Is this something that needs fixing? Or shall I let sleeping dogs lie and close as NOTABUG?

I checked Windows, and it returns a fileid of zero for ".." when listing the root directory, but that's the only thing I can see it hiding explicitly.
Comment 4 Jeremy Allison 2021-07-15 06:11:33 UTC
Passes ci. Now we need to decide if we need it for 4.15rc2.
Comment 5 Ralph Böhme 2021-07-28 12:43:24 UTC
Comment on attachment 16681 [details]
git-am fix for master.

Patch lgtm, pushed.
Comment 6 Samba QA Contact 2021-07-28 15:08:04 UTC
This bug was referenced in samba master:

Comment 7 Jeremy Allison 2021-08-02 21:02:00 UTC
Created attachment 16709 [details]
git-am cherry-pick for 4.15.rc2.
Comment 8 Jule Anger 2021-08-09 11:22:34 UTC
Pushed to autobuild-v4-15-test.
Comment 9 Samba QA Contact 2021-08-09 12:06:23 UTC
This bug was referenced in samba v4-15-test:

Comment 10 Jule Anger 2021-08-09 12:28:34 UTC
Closing out bug report.

Comment 11 Samba QA Contact 2021-08-09 13:45:00 UTC
This bug was referenced in samba v4-15-stable: