We have some file servers running OmniOS that are serving their shares
using Samba rather than the in-kernel server. We recently updated
Samba, experienced crashes, and worked through the problem with Samba
developers [1].
A summary of the problem is that newer versions of Samba use
getwd/getcwd/realpath to track where the Samba process is so that it
can't be tricked into operating in a directory outside of the share's
parent directory. This breaks down on Illumos platforms because getcwd
observes filesystem permissions- if one of the parent directories is
unreadable to the process, the process can no longer call getcwd
successfully. This originally caused the server to panic and
completely die, but even with patches, only certain operations are
available when getcwd is broken (read-only, essentially).
The other main platforms (Linux and FreeBSD) don't have this issue.
Annoyingly, Illumos seems willing to provide this information without
constraints, but only if you readlink("/proc/self/path/cwd") instead.
Is it crazy to ask for getcwd's behavior to be changed? It's
technically allowed by POSIX to fail like this (which I suspect is to
allow for naive implementations that have to walk the filesystem), but
there doesn't seem to be an alternative for a process that wants to
validate its cwd.
Is there something I'm missing that Samba could use instead? I've
played with using LD_PRELOAD to replace getwd/getcwd with reading proc,
but that doesn't feel like a sustainable solution.
[1] https://bugzilla.samba.org/show_bug.cgi?id=13027
------------------------------------------
illumos-discuss
Archives:
https://illumos.topicbox.com/groups/discuss/discussions/T1bf578bf66b8b8b0-M8a06a15e6dd1b3a2eca4b5af
Powered by Topicbox: https://topicbox.com
