Bug 15589 - Restrictive ACL doesn't prevent file from being displayed in directory listing since 4.19.3
Status: RESOLVED INVALID
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services
Version: 4.19.4
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Reported: 2024-02-22 10:55 UTC by Peter Eriksson
Modified: 2024-02-23 08:16 UTC

Description Peter Eriksson 2024-02-22 10:55:59 UTC
I just noticed that setting a very restrictive ACL on a directory/file since 4.19.3 does not prevent the dir/file from being shown in directory listings anymore. This used to work up to 4.19.2. This could be an information leak.


I.e., I have a share containing 3 directories where "notshown" has a very restrictive ACL that prevents metadata information about the directory from being read:

root@filur00:/export/test # ls -l
total 2
drwx------+ 2 root     wheel            2 Feb 22 11:40 notshown
drwx------+ 2 peter86  employee-liu.se  2 Feb 15 09:02 peter86
drwxr-x---  2 root     wheel            2 Feb 22 11:49 unreadable

root@filur00:/export/test # lac peter86
# file: peter86
# owner: peter86
# group: employee-liu.se
           owner@:rwxpDdaARWcCos:fd-----:allow
        everyone@:------a-R-c--s:fd-----:allow

root@filur00:/export/test # lac unreadable
# file: unreadable
# owner: root
# group: wheel
           owner@:rwxp--aARWcCos:-------:allow
           group@:r-x---a-R-c--s:-------:allow
        everyone@:------a-R-c--s:-------:allow

root@filur00:/export/test # lac notshown
# file: notshown
# owner: root
# group: wheel
           owner@:rwxpDdaARWcCos:fd-----:allow
        everyone@:--------------:fd-----:allow



At Samba <= 4.19.2 it works as intended:

smb: \> dir
  .                                   D        0  Thu Feb 22 11:49:36 2024
  ..                                  D        0  Thu Feb 22 11:49:36 2024
  peter86                             D        0  Thu Feb 15 09:02:48 2024
  unreadable                          D        0  Thu Feb 22 11:49:36 2024

		18472019379 blocks of size 1024. 18472019216 blocks available



At Samba >= 4.19.3 it displays the directory:

smb: \> dir
  .                                   D        0  Thu Feb 22 11:49:36 2024
  ..                                  D        0  Thu Feb 22 11:49:36 2024
  peter86                             D        0  Thu Feb 15 09:02:48 2024
  unreadable                          D        0  Thu Feb 22 11:49:36 2024
  notshown                            D        0  Thu Feb 22 11:40:27 2024

		18472019489 blocks of size 1024. 18472019326 blocks available

I've tried the setting "hide unreadable = yes" but that hides all unreadable dirs/files (i.e. also the "unreadable" directory), which we don't want - only the ones with an ACL explicitly forbidding the reading of dir/file metadata should be hidden.
Comment 1 Peter Eriksson 2024-02-23 08:15:43 UTC
https://bugzilla.samba.org/show_bug.cgi?id=15093

Note to self: Always read *all* the release notes. Always.

Ok, so this is an intentional change. Drat. Ok, then I'll have to figure out some other way to hide directories...
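
An audit helper for the ACL listings in the description, added here as an example; it is not part of the bug report and not Samba code. It parses the compact NFSv4 ACL lines and reports which entries give everyone@ no read_attributes (a) versus no read_data (r). The letter meanings follow FreeBSD's compact ACL form, and evaluating only the everyone@ entries (a caller who is neither owner nor group member) is an assumption.

```python
# Added example (not Samba code). Constructed input: the "lac" listings
# from the description, trimmed to the "# file:" line and the ACL entries.
SAMPLE = """\
# file: peter86
           owner@:rwxpDdaARWcCos:fd-----:allow
        everyone@:------a-R-c--s:fd-----:allow

# file: unreadable
           owner@:rwxp--aARWcCos:-------:allow
           group@:r-x---a-R-c--s:-------:allow
        everyone@:------a-R-c--s:-------:allow

# file: notshown
           owner@:rwxpDdaARWcCos:fd-----:allow
        everyone@:--------------:fd-----:allow
"""

def parse_listing(text):
    """Return {name: [(who, perms, flags, type), ...]} from the listing text."""
    acls, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# file:"):
            current = line.split(":", 1)[1].strip()
            acls[current] = []
        elif line and not line.startswith("#") and current is not None:
            # Split from the right so a "user:name" principal stays intact.
            who, perms, flags, kind = line.rsplit(":", 3)
            acls[current].append((who.strip(), perms, flags, kind))
    return acls

def granted(entries, who="everyone@"):
    """Letters the ACL allows `who`; the first matching ACE decides each bit."""
    allowed, decided = set(), set()
    for ace_who, perms, _flags, kind in entries:
        if ace_who != who:
            continue
        for bit in perms.replace("-", ""):
            if bit not in decided:
                decided.add(bit)
                if kind == "allow":
                    allowed.add(bit)
    return allowed

def lacking(acls, bit, who="everyone@"):
    """Names whose ACL does not grant `bit` to `who`, in listing order."""
    return [n for n, aces in acls.items() if bit not in granted(aces, who)]

if __name__ == "__main__":
    acls = parse_listing(SAMPLE)
    print("no read_attributes:", lacking(acls, "a"))
    print("no read_data:      ", lacking(acls, "r"))
```

On the sample, only notshown lacks read_attributes for everyone@, which is the one entry the report shows changing visibility between 4.19.2 and 4.19.3.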