NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > SuSE Linux> 2005-q1

[suse-security] Samba security update broken

From: Polarizer (PolarizerCodixx.Com)
Date: Fri Feb 25 2005 - 06:49:55 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Suse people,

I did updates on a box running a samba server.

Suse Prof 9.1 with Samba 3.0.2a-51.i586 updated to samba-3.0.4-1.27.
All works "fine". Then i did an update to samba-3.0.9-2.6.i586 and
the problem occurs.

Every directory on a share is marked as write-protected in the property
dialog of windows. Nevertheless you are able to put files into.

You can't change the flag, set it to "not protected" has no effect.
Calling property dialog again shows it still as protected. The property
dialog for files is still working fine.

The impact is that some applications e.g. ACAD are checking this
attribut before writing into a directory and fail cause they get
a "write protected" info.

I rolled back to samba-3.0.4-1.27 and this behaviour disappears. A
directory is not longer marked as "write protected" per default.

Any comments on this are appriciated.

These attributes were mapped to extended attributes of filesystem
objects via

         store dos attributes = yes
         map archive = no
         map system = no
         map hidden = no

The share on this filesystem

/dev/XXX on /YYY type ext3
rw,data=journal,acl,user_xattr,grpquota,quota,usrquota

and is shared this way

[share]
         comment = Files of ...
         path = /XXX
         read only = No
         create mask = 0770
         directory mask = 0770
         directory security mask = 0700
         veto files = /.recycle/

The attributes for the directory "AA" are (not write protected):

getfattr -d AA
# file: AA
user.DOSATTRIB="0x10"

and write protected:

getfattr -d AA
# file: AA
user.DOSATTRIB="0x11"

but the actual rpm let samba show "write protected" even when
user.DOSATTRIB is "0x10". The "hidden" and "system" flags are
not affected.

BTW: I rolled back to original 9.1 samba version 3.0.2a-51 and
with this very version i wasn't enable to SET a directory write
protected with the windows dialog.

Any comments on this are appriciated

The polarizer

polarizers at its best
http://www.glass-polarizers.com

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]