Stefan G. Weichinger
2022-Dec-11 14:59 UTC
[Samba] 4.17.3 on debian: vfs_full_audit issues
Am 10.12.22 um 00:21 schrieb Jeremy Allison via samba:> On Sat, Dec 10, 2022 at 12:02:05AM +0300, Michael Tokarev wrote: >> of code in the patch :). >> >> The thing is that _some_ syscalls now have both ways, - eg open *and* >> openat. >> >> (Sure it's okay to modify the manpage too). >> >> The PoC patch is attached (I haven't tried to even compile it yet). >> Is something like that okay? :) > > Looks good, but doing a search on "AT," finds: > > SMB_VFS_OP_CREATE_DFS_PATHAT -> map to "create_dfs_path" > SMB_VFS_OP_READ_DFS_PATHAT -> map to "read_dfs_path" > SMB_VFS_OP_FSTATAT -> map to "fstat" ? > SMB_VFS_OP_GET_REAL_FILENAME_AT -> map to "get_real_filename" ?Thanks all in the thread. I assume I can only wait for any updated packages? For now share access seems to work on that server, just with a reduced set of logged actions. That's acceptable for a few days, as long as the users don't know ;-)
On 11/12/2022 14:59, Stefan G. Weichinger via samba wrote:> Am 10.12.22 um 00:21 schrieb Jeremy Allison via samba: >> On Sat, Dec 10, 2022 at 12:02:05AM +0300, Michael Tokarev wrote: >>> of code in the patch :). >>> >>> The thing is that _some_ syscalls now have both ways, - eg open *and* >>> openat. >>> >>> (Sure it's okay to modify the manpage too). >>> >>> The PoC patch is attached (I haven't tried to even compile it yet). >>> Is something like that okay? :) >> >> Looks good, but doing a search on "AT," finds: >> >> SMB_VFS_OP_CREATE_DFS_PATHAT -> map to "create_dfs_path" >> SMB_VFS_OP_READ_DFS_PATHAT -> map to "read_dfs_path" >> SMB_VFS_OP_FSTATAT -> map to "fstat" ? >> SMB_VFS_OP_GET_REAL_FILENAME_AT -> map to "get_real_filename" ? > > Thanks all in the thread. I assume I can only wait for any updated > packages?Not really, you just need to remove one operation 'rmdir', this doesn't seem to exist (not according to the manpage). You also need to add 'at' to three of the 'operations, you had: full_audit:success = mkdir rmdir read pread write pwrite rename unlink It needs to now be: full_audit:success = mkdirat read pread write pwrite renameat unlinkat The '*at' operations have replaced the earlier versions. Rowland