[PATCH] LP #220658 stat broken for CIFS filesystem

Steve Langasek steve.langasek at canonical.com
Wed Jan 7 21:01:22 UTC 2009 

On Wed, Jan 07, 2009 at 11:36:37AM -0700, Tim Gardner wrote:
> > I am wary of changing these options in an SRU though, because I have seen
> > reports from Debian kernels of roughly the same vintage that there's no way
> > on the client side to down-negotiate to not use POSIX passthrough semantics,
> > which is sometimes what's called for.  Basically, enabling these options
> > could represent a security-related regression for users who are already
> > happily using the current settings.

> What do you think about doing this for Jaunty?

Should absolutely be appropriate.

On Wed, Jan 07, 2009 at 10:44:50AM -0800, Jim Lieb wrote:
> How is this a security related issue?  Posix semantics mean case sensitivity 
> and attributes (if used), something that UNIX/Linux programs expect.  Are 
> there use cases we can enumerate where security is an issue?  These need
> to be well documented if we are to be at variance with other enterprise 
> distros.

The trouble is that "POSIX semantics" *also* mean file ownership and mode.
I have seen a number of bug reports to the effect that, if you have POSIX
extensions enabled, it's very difficult to get the kernel cifs client to
*not* pass the server-side permissions through.  If POSIX extensions are
completely disabled on the client in intrepid, and we turn them on, suddenly
users are going to find their kernel trusting the server's notion of user
permissions where before they were specified at mount time.

Ideally, it should be possble to toggle the use of POSIX semantics both
per-client (via /proc/fs/cifs, for example) and per-mount, and we should
have a userspace policy that prohibits enabling passthrough of POSIX perms
for mounts by untrusted users.  In practice I don't think we have that
working; that would be a bug, but it's one that implies a major risk of
regression for enabling CONFIG_CIFS_POSIX.

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org

More information about the kernel-team mailing list