A simpler situation exists though — I can have a root binary that drops privileges, and is no longer able to read the directory it is located in.

I can also “mv” a directory into a different parent with different permissions, even though programs may be open in that child directory.

The security question is whether there is ever a need to suppress access to the cwd. I think there are several cases where this is absolutely valid.

I do believe Joerg is right here — this represents, as far as I am concerned, a bug in the Samba code. They have made some assumption here that is completely bogus — there is no requirement that a process be able to obtain its own cwd. In fact, processes can even live without a valid cwd — for example if someone forcibly unlinks the directory. This isn’t even all that unusual — I have left my own shells in that on occasion.

On Wed, Oct 11, 2017 at 12:56 PM Brian De Wolf <[email protected]> wrote:

> On Tue, 10 Oct 2017 07:36:39 +0200
> Jorge Schrauwen <[email protected]> wrote:
>
> > I was wondering why I wasn't seeing this as I also run Samba 4.7.x on
> > SmartOS. But I am not using shadow_copy2 so that's probably why I
> > haven't killed my entire server yet. Although I do have some
> > weirdness when my ZFS acls deny access to some directories. So that
> > might indeed be related.
> >
>
> Yeah, that sounds like the same scenario. It showed up for us on
> shares with multiple groups and some creative ACLs at the top. It's
> not a big deal to add +r to fix it, but it's a trap I'd like to prevent
> people from falling into.
>
> > You may want to create an issue for this on the illumos bugtracker:
> > https://www.illumos.org/issues
> >
>
> Made a feature request:
>
> https://www.illumos.org/issues/8712
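
The unlinked-cwd case mentioned in the message above, as an added example that is not part of the original thread and is not Samba or illumos code: it shows getcwd() failing while the process keeps running, and returning to the earlier directory through a saved descriptor rather than a path. The function names and the /tmp scratch path are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Prefer a handle that needs only search permission, not read permission. */
#if defined(O_SEARCH)
#define DIR_HANDLE_FLAGS (O_SEARCH | O_DIRECTORY)   /* POSIX, illumos */
#elif defined(O_PATH)
#define DIR_HANDLE_FLAGS (O_PATH | O_DIRECTORY)     /* Linux */
#else
#define DIR_HANDLE_FLAGS (O_RDONLY | O_DIRECTORY)   /* fallback: needs +r */
#endif

/* Returns 0 if getcwd() succeeds, otherwise the errno it failed with. */
int cwd_errno(void)
{
    char buf[PATH_MAX];
    return getcwd(buf, sizeof buf) != NULL ? 0 : errno;
}

/* Constructed scenario: enter a scratch directory, remove it while it is
 * still the cwd, record what getcwd() reports, then go back by descriptor.
 * Returns the errno seen by getcwd() (0 if it succeeded), or -1 on setup failure. */
int cwd_after_unlink(void)
{
    char scratch[] = "/tmp/cwd-demo-XXXXXX";        /* hypothetical path */
    int saved = open(".", DIR_HANDLE_FLAGS);        /* handle, not a path */
    if (saved < 0)
        return -1;
    if (mkdtemp(scratch) == NULL || chdir(scratch) != 0 || rmdir(scratch) != 0) {
        close(saved);
        return -1;
    }
    int err = cwd_errno();                          /* cwd no longer has a name */
    int restored = fchdir(saved);                   /* works without any path */
    close(saved);
    return restored == 0 ? err : -1;
}

int main(void)
{
    int err = cwd_after_unlink();
    printf("getcwd() in removed cwd: %s\n", err > 0 ? strerror(err) : "no error or setup failed");
    printf("getcwd() after fchdir(): %s\n", cwd_errno() == 0 ? "ok" : "failed");
    return 0;
}
```

Code that must return to a starting directory can hold a descriptor and call fchdir(), and should treat a getcwd() failure as an ordinary error rather than a fatal condition.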
