SMBFS mount's file cannot be made executable
Takashi Yano
takashi.yano@nifty.ne.jp
Mon Nov 11 11:32:02 GMT 2024
On Mon, 11 Nov 2024 20:19:28 +0900
Takashi Yano via Cygwin <cygwin@cygwin.com> wrote:
> On Mon, 11 Nov 2024 11:56:13 +0100
> Corinna Vinschen wrote:
> > > diff --git a/winsup/cygwin/sec/base.cc b/winsup/cygwin/sec/base.cc
> > > index d5e39d281..c519af6e0 100644
> > > --- a/winsup/cygwin/sec/base.cc
> > > +++ b/winsup/cygwin/sec/base.cc
> > > @@ -681,6 +681,9 @@ convert_samba_sd (security_descriptor &sd_ret)
> > > ace->Header.AceFlags))
> > > return;
> > > }
> > > + /* Samba without AD seems to need this. */
> > > + add_access_allowed_ace (acl, FILE_ALL_ACCESS,
> > > + well_known_authenticated_users_sid, acl_len, 0);
> > > acl->AclSize = acl_len;
> > >
> > > RtlCreateSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION);
> > >
> > > What do you think?
> >
> > Giving all authenticated users full permissions to all your files?
> > Unconditionally? That sounds like opening a security hole wide open.
>
> Does this really mean such thing? Windows 11 share reports here,
> access mask 0x001201bf for S-1-5-11 is granted. Isn't this simillar?
Even with this patch, the file:
yano $ touch samba_test_file.txt
yano $ ls -l samba_test_files.txt
-rw-r--r-- 1 yano yano 0 Nov 11 20:25 samba_test_file.txt
cannot be written by other users:
someone $ echo BBBB > samba_test_files.txt
samba_test_files.txt: Permission denied.
--
Takashi Yano <takashi.yano@nifty.ne.jp>
More information about the Cygwin
mailing list