Public bug reported:

The listing (dirread) of a CIFS-mounted share does not contain one file 
which is really available on the share. When accessing the file directly (stat 
or open call), the file can be accessed. The consequence of this issue is:
* the file is not included in copy/backup, since the directory listing fails to 
show it
* an attacker could hide arbitrary data from the Linux system.

To reproduce:

* Create files in such a way that you know which files should be on the
share. It is not clear whether this has to be done in a special way to
trigger the problem (e.g. name lengths filling up buffers in a way that
triggers +-1). On our system, pairs of files were created, so that it was
obvious that one of the pair was missing.

* Run some ls tests:

** List all files in directory starting with one name (diropen/dirread):

# ls -al log | grep '2007-08-23-syslog.1.'
-rwxr-xr-x 1 root root 36 Oct 30 2009 2007-08-23-syslog.1.gz-lta.gpg.checksum

** List two named files (stat):

# ls -al log/2007-08-23-syslog.1.gz-lta.gpg log/2007-08-23-syslog.1.gz-lta.gpg.checksum | grep '2007-08-23-syslog.1.'
-rwxr-xr-x 1 root root 2148 Oct 30 2009 log/2007-08-23-syslog.1.gz-lta.gpg
-rwxr-xr-x 1 root root 36 Oct 30 2009 og/2007-08-23-syslog.1.gz-lta.gpg.checksum

* With additional echo 1 > /proc/fs/cifs/cifsFYI

Both files show up in the dmesg log:

Jul 19 07:15:23 v3ls1203 kernel: [161751.469012] /build/buildd/linux-3.2.0/fs/cifs/readdir.c: new entry cabaa1f0 old entry cabaa160
Jul 19 07:15:23 v3ls1203 kernel: [161751.469017] /build/buildd/linux-3.2.0/fs/cifs/readdir.c: For 2007-08-22-syslog.2.gz-lta.gpg.checksum
Jul 19 07:15:23 v3ls1203 kernel: [161751.469023] /build/buildd/linux-3.2.0/fs/cifs/readdir.c: new entry cabaa290 old entry cabaa1f0
Jul 19 07:15:23 v3ls1203 kernel: [161751.469028] /build/buildd/linux-3.2.0/fs/cifs/readdir.c: For 2007-08-23-syslog.1.gz-lta.gpg
Jul 19 07:15:23 v3ls1203 kernel: [161751.469035] /build/buildd/linux-3.2.0/fs/cifs/readdir.c: new entry cabaa320 old entry cabaa290
Jul 19 07:15:23 v3ls1203 kernel: [161751.469041] /build/buildd/linux-3.2.0/fs/cifs/readdir.c: For 2007-08-23-syslog.1.gz-lta.gpg.checksum
Jul 19 07:15:23 v3ls1203 kernel: [161751.469047] /build/buildd/linux-3.2.0/fs/cifs/readdir.c: new entry cabaa3c0 old entry cabaa320
Jul 19 07:15:23 v3ls1203 kernel: [161751.469052] /build/buildd/linux-3.2.0/fs/cifs/readdir.c: For 2007-08-24-daemon.log-lta.gpg

But 2007-08-23-syslog.1.gz-lta.gpg does not show up in the strace dump
"strace -s256 -f ls log"


Affects:
=======

* Ubuntu precise 32bit, fully updated

# cat /proc/version
Linux version 3.2.0-26-generic (buildd@lamiak) (gcc version 4.6.3 
(Ubuntu/Linaro 4.6.3-1ubuntu5) ) 0000041-Ubuntu SMP Thu Jun 14 16:26:01 UTC 2012

# lsb_release -rd
Description: Ubuntu 12.04 LTS
Release: 12.04


References:
==========

* Might be similar bug from karmic: 
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/406466
* Possible other encounter: 
http://unix.stackexchange.com/questions/42140/weird-samba-and-gvfs-behavior-half-of-directories-files-randomly-appears-to-b/43454#43454

** Affects: samba (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1026478

Title:
  CIFS: Files not shown in mount.smbfs directory listings
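
Added example, not part of the original report and not code from Samba or the kernel: a check for the symptom described above, where a name is missing from the directory listing but still reachable by stat. It assumes the <name> / <name>.checksum pairing visible in the report's listing; the function names and the injectable lister parameter are hypothetical, and the sample directory is constructed.

```python
import os
import tempfile

CHECKSUM_SUFFIX = ".checksum"  # assumption: pairing convention from the report's listing


def partner(name):
    """Return the other file of a <name> / <name>.checksum pair."""
    if name.endswith(CHECKSUM_SUFFIX):
        return name[: -len(CHECKSUM_SUFFIX)]
    return name + CHECKSUM_SUFFIX


def unlisted_but_present(directory, lister=os.listdir):
    """Names absent from the directory listing that lstat() can still reach.

    lister is injectable so the check can be exercised without a faulty mount.
    """
    listed = set(lister(directory))
    hidden = []
    for name in sorted(listed):
        other = partner(name)
        if not other or other in listed:
            continue
        try:
            os.lstat(os.path.join(directory, other))
        except OSError:
            continue  # partner not reachable: incomplete pair, not a listing fault
        hidden.append(other)
    return hidden


def demo():
    """Constructed sample: both files exist, the simulated listing drops one."""
    names = ["2007-08-23-syslog.1.gz-lta.gpg",
             "2007-08-23-syslog.1.gz-lta.gpg.checksum"]
    with tempfile.TemporaryDirectory() as d:
        for n in names:
            open(os.path.join(d, n), "w").close()
        # Simulated faulty readdir: omits the first file, as in the report.
        faulty = lambda path: [n for n in os.listdir(path) if n != names[0]]
        return unlisted_but_present(d), unlisted_but_present(d, lister=faulty)


if __name__ == "__main__":
    healthy, broken = demo()
    print("healthy listing:", healthy)
    print("faulty listing: ", broken)
```

Run against a real mount with unlisted_but_present("log"); any name it returns should be compared with the server-side listing before trusting a backup taken through that mount.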
