So, it sounds like we get to choose between..

• many applications crashing due to failure to support the query
• many applications terminating due to the null security descriptor being returned

Out of curiosity, why can't a not null security descriptor be returned?

On Wed, 2010-05-26 at 16:12 -0500, Jeffrey Altman wrote:
> FYI. During the April 2010 Windows Update cycle a hot fix to the SMB
> redirector was pushed to Windows machines around the world.
> http://www.microsoft.com/technet/security/bulletin/MS10-020.mspx?pubDate=2010-04-13
>
> What this fix does is add a validation operation on the data structures
> returned when an application issues the GetSecurityInfo() API.
> Experience has shown that failure to support this query causes many
> applications to crash. Therefore, the AFS SMB Server returns a null
> security descriptor. This descriptor is not considered valid by the new
> SMB validation code and the error STATUS_INVALID_NETWORK_RESPONSE is
> returned to the application. The failure of the API to complete results
> in the termination of many applications.
>
> The Windows TCL implementation is known to call this API.
>
> The hot fix is labeled "critical" because without the validator
> arbitrary data structures can be passed to the application that issues
> the query.
>
> There is no known fix for the problem that we can apply to OpenAFS at
> the current time.
>
> Jeffrey Altman
>
>

--
********************************
David William Botsch
Programmer/Analyst
CNF Computing
[email protected]
********************************
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
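The thread says the hot fix validates the data structures returned for a GetSecurityInfo() query but does not describe the checks. As an added illustration (not code from OpenAFS, Microsoft, or either poster), the following shows the kind of bounds checking a client can apply to an untrusted self-relative security descriptor, using the layout documented in MS-DTYP. The function names and sample buffers are constructed, and what the AFS SMB server's "null" descriptor looks like on the wire is not stated in the thread, so the empty buffer here is only an assumed case.

```python
import struct

SE_SELF_RELATIVE = 0x8000  # Control flag defined in MS-DTYP
# Revision, Sbz1, Control, OffsetOwner, OffsetGroup, OffsetSacl, OffsetDacl
HEADER = struct.Struct("<BBHIIII")

def _check_sid(buf, off):
    # SID: Revision(1), SubAuthorityCount(1), IdentifierAuthority(6), SubAuthority[count]
    if off + 8 > len(buf):
        return "SID header out of bounds"
    rev, count = buf[off], buf[off + 1]
    if rev != 1 or count > 15:
        return "bad SID revision or sub-authority count"
    if off + 8 + 4 * count > len(buf):
        return "SID sub-authorities out of bounds"
    return None

def _check_acl(buf, off):
    # ACL header: AclRevision(1), Sbz1(1), AclSize(2), AceCount(2), Sbz2(2)
    if off + 8 > len(buf):
        return "ACL header out of bounds"
    acl_size = struct.unpack_from("<H", buf, off + 2)[0]
    if acl_size < 8 or off + acl_size > len(buf):
        return "ACL size out of bounds"
    return None

def validate_sd(buf):
    """Return None if buf is structurally sound, else a reason string."""
    if len(buf) < HEADER.size:
        return "shorter than the 20-byte header"
    rev, _sbz1, control, owner, group, sacl, dacl = HEADER.unpack_from(buf)
    if rev != 1:
        return "unsupported revision"
    if not control & SE_SELF_RELATIVE:
        return "not self-relative"
    for name, off, check in (("owner", owner, _check_sid), ("group", group, _check_sid),
                             ("sacl", sacl, _check_acl), ("dacl", dacl, _check_acl)):
        if off == 0:
            continue  # offset 0 means the field is absent
        if off < HEADER.size:
            return f"{name} offset points into the header"
        err = check(buf, off)
        if err:
            return f"{name}: {err}"
    return None

# Constructed samples (not captured traffic).
WORLD_SID = bytes([1, 1, 0, 0, 0, 0, 0, 1]) + struct.pack("<I", 0)  # S-1-1-0
GOOD = HEADER.pack(1, 0, SE_SELF_RELATIVE, 20, 0, 0, 0) + WORLD_SID
BAD_OFFSET = HEADER.pack(1, 0, SE_SELF_RELATIVE, 0x1000, 0, 0, 0) + WORLD_SID
```

A descriptor that fails such a check is rejected before any offset in it is dereferenced, which is why the application sees an error instead of the data.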
