search for: o_nofollow

...S_IRUSR | S_IWUSR); free(name, M_TEMP); if (error) return (error); --- 722,729 ---- if (name == NULL) return (EFAULT); /* XXX -- not the best error */ ! NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p); ! error = vn_open(&nd, O_CREAT | FWRITE | O_NOFOLLOW, S_IRUSR | S_IWUSR); free(name, M_TEMP); if (error) return (error); *** kern/imgact_aout.c 1999/05/17 00:53:36 1.52 --- kern/imgact_aout.c 1999/08/26 17:32:48 1.53 *************** *** 264,271 **** name = expand_name(p->p_comm, p->p_ucred->cr_uid, p->...

...ucceed" in saving, but the changes were *not* written to that file! Very strange IMHO. So I did some more digging with strace, since I didn't find a clue in the logs. "strace -e open,close,write -f smbd -D" yielded: [pid 17704] open("foo/testfile.txt", O_RDWR|O_CREAT|O_NOFOLLOW, 0744) = 29 [some write()s to FD 24] [pid 17704] open("foo/testfile.txt", O_WRONLY|O_NOFOLLOW) = -1 EAGAIN (Resource temporarily unavailable) [pid 17704] --- SIGIO (I/O possible) @ 0 (0) --- [pid 17704] +++ killed by SIGIO +++ [pid 17478] --- SIGCHLD (Child exited) @ 0 (0) --- So this...

I've been seeing the Dovecot/SSL/Fedora 1 problem. I have a dovecot server which tends to die at least once a day, with messages like these :- May 24 13:44:44 mail pop3-login: RAND_bytes() failed: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded May 24 13:44:44 mail dovecot: Login process died too early - shutting down I noticed Timo's email about this at:

...r -v baz /tmp/foo root at wrn-dc1:~# getfattr -n user.bar /tmp/foo getfattr: Removing leading '/' from absolute path names # file: tmp/foo user.bar="baz" But when I strace "samba-tool domain provision": open("/usr/local/samba/tmpE7Z_yH", O_RDWR|O_CREAT|O_EXCL|O_NOFOLLOW, 0600) = 3 fcntl(3, F_GETFD) = 0 fcntl(3, F_SETFD, FD_CLOEXEC) = 0 fstat(3, {st_mode=S_IFREG|0600, st_size=0, ...}) = 0 fcntl(3, F_GETFL) = 0x28002 (flags O_RDWR|O_LARGEFILE|O_NOFOLLOW) setxattr("/usr/local/samba/tmpE7Z_yH", "se...

...<fcntl.h> > +#include <unistd.h> > +#include <sys/types.h> > +#include <sys/stat.h> > +#include <sys/syscall.h> > + > +#ifndef __NR_lstat > + > +int lstat(const char *path, struct stat *buf) > +{ > + int fd = open(path, O_RDONLY | O_PATH | O_NOFOLLOW); > + int ret = fstat(fd, buf); > + close(fd); > + return ret; > +} > + > +#endif /* __NR_lstat */ [...] > diff --git a/usr/klibc/stat.c b/usr/klibc/stat.c > new file mode 100644 > index 0000000..92343f1 > --- /dev/null > +++ b/usr/klibc/stat.c > @@ -0,0 +1...

https://bugzilla.samba.org/show_bug.cgi?id=6633 Summary: Extended attributes under Solaris are not supported. Product: rsync Version: 3.0.6 Platform: All OS/Version: Solaris Status: NEW Severity: normal Priority: P3 Component: core AssignedTo: wayned at samba.org ReportedBy: Lloyd.Parkes at

Matthieu Herrb (1): libXfont2 2.0.3 Michal Srb (1): Open files with O_NOFOLLOW. (CVE-2017-16611) git tag: libXfont2-2.0.3 https://xorg.freedesktop.org/archive/individual/lib/libXfont2-2.0.3.tar.bz2 MD5: b7ca87dfafeb5205b28a1e91ac3efe85 libXfont2-2.0.3.tar.bz2 SHA1: 1110f1ad4061d9e8131ecb941757480e3e32bca0 libXfont2-2.0.3.tar.bz2 SHA256: 0e8ab7fd737ccdfe87e1f02b55f221f0bd...

Matthieu Herrb (1): libXfont 1.5.4 Michal Srb (1): Open files with O_NOFOLLOW. (CVE-2017-16611) git tag: libXfont-1.5.4 https://xorg.freedesktop.org/archive/individual/lib/libXfont-1.5.4.tar.bz2 MD5: 16eaf156edd79b68038b6a7c44aa9e9b libXfont-1.5.4.tar.bz2 SHA1: 9db050f63b9c4cb19e0dbb40575558ccb95719ca libXfont-1.5.4.tar.bz2 SHA256: 1a7f7490774c87f2052d146d1e0e64518d32e6...

...0x0008 -#define O_SYNC 0x0010 #define O_NONBLOCK 0x0080 #define O_CREAT 0x0100 #define O_TRUNC 0x0200 @@ -27,11 +26,14 @@ #define O_NOCTTY 0x0800 #define FASYNC 0x1000 #define O_LARGEFILE 0x2000 +#define O_SYNC 0x4010 #define O_DIRECT 0x8000 #define O_DIRECTORY 0x10000 #define O_NOFOLLOW 0x20000 #define O_NOATIME 0x40000 #define O_CLOEXEC 0x80000 +#define O_PATH 0x200000 +#define O_TMPFILE 0x410000 #define O_NDELAY O_NONBLOCK @@ -53,6 +55,24 @@ #define F_SETLK64 34 #define F_SETLKW64 35 +#define F_SETOWN_EX 15 +#define F_GETOWN_EX 16 + +#define F_GETOWNER_UIDS 17 + +#de...

...; message, with the error code being NT_STATUS_ACCESS_DENIED. I straced the forked Samba process that's running with the privileges of the user that I log in as, and saw that open() returns EROFS : getcwd("/mnt/storage", 4096) = 13 open("a", O_RDWR|O_CREAT|O_EXCL|O_NOFOLLOW, 0644) = -1 EROFS (Read-only file system) Meanwhile, running a simple "touch" on said mount point, as the same user as the one running the forked Samba process, works fine. Why does Samba not seem to respect the remount? I tried restarting the smbd daemon, but with no effect. Running Sam...

Damien, Thanks for the response. Are you aware of any sftp server products that currently implement the uid / gid resolution or is this new draft just too unrefined / recent. Also, is there a definitive source for these drafts and where might they be published? Up till now I have just been reading the documentation available from www.openssh.org. I hope these questions aren't too

.../proc is serious security risk for me. Why? starce log lstat64("tt", {st_mode=S_IFDIR|S_ISGID|0755, st_size=4096, ...}) = 0 fstatat64(AT_FDCWD, "tt", {st_mode=S_IFDIR|S_ISGID|0755, st_size=4096, ...}, AT _SYMLINK_NOFOLLOW) = 0 openat(AT_FDCWD, "tt", O_RDONLY|O_NOCTTY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 2 fstatat64(AT_FDCWD, "/proc/self/fd/2", 0x5bafe7f0, 0) = -1 ENOENT (No such file or directory) close(2) = 0 getpid() = 1395 sendto(0, "<28>Aug 1 00:35:51 rsyncd[1395]"..., 117, 0, NULL, 0)...

https://bugzilla.mindrot.org/show_bug.cgi?id=1471 Summary: sshd can block if authorized_keys is a named pipe Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: Linux Status: NEW Severity: minor Priority: P2 Component: sshd AssignedTo: bitbucket at

Is there anyone actively working on adding recursive operations to sftp? I've got a recent snapshot of the source (Dec 6th), and I see extended options for ls and the inclusion of history, both of which are welcome, but there doesn't seem to be any hint of recursive operation support. If there are people working quietly on recursive op patches, I'd like to hear from you. I've

...: unlinkat(3, "file47b5546c", 0x00000000) = 0 17702: unlinkat(3, "moredirs", 0x00000000) Err#1 EPERM [sys_linkdir ] 17702: fstatat64(3, "moredirs", 0xFFBFF530, 0x00001000) = 0 17702: openat64(3, "moredirs", O_RDONLY|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW) = 4 17702: unlinkat(4, "somefile", 0x00000000) = 0 17702: unlinkat(3, "moredirs", 0x00000001) = 0 17702: unlinkat(-3041965, "/tmp/RtmpKrefN4", 0x00000001) Err#22 EINVAL I can provide the full truss output if desired.

..._RDONLY|O_LARGEFILE) = 3 fstat64(3, {st_mode=S_IFDIR|0700, st_size=72, ...}) = 0 lstat64("/usr/local/var/run/dovecot", {st_mode=S_IFDIR|0700, st_size=72, ...}) = 0 open(".", O_RDONLY|O_LARGEFILE) = 3 open("/usr/local/var/run/dovecot/login", O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = 4 open(".", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0750, st_size=48, ...}) = 0 lstat64("/usr/local/var/run/dovecot/login", {st_mode=S_IFDIR|0750, st_size=48, ...}) = 0 open("/usr/local/var/run/dovecot/login", O_RDONLY|O_LARGEFIL...

...47b5546c", 0x00000000) = 0 > 17702: unlinkat(3, "moredirs", 0x00000000) Err#1 EPERM > [sys_linkdir > ] > 17702: fstatat64(3, "moredirs", 0xFFBFF530, 0x00001000) = 0 > 17702: openat64(3, "moredirs", O_RDONLY|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW) = 4 > 17702: unlinkat(4, "somefile", 0x00000000) = 0 > 17702: unlinkat(3, "moredirs", 0x00000001) = 0 > 17702: unlinkat(-3041965, "/tmp/RtmpKrefN4", 0x00000001) Err#22 EINVAL > > > I can provide the full truss output if des...

...64(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 close(3) = 0 lstat64("/var/run/dovecot/", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open(".", O_RDONLY|O_LARGEFILE) = 3 open("/var/run/dovecot//login", O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = 4 fchdir(4) = 0 open("/dev/null", O_RDONLY|O_NONBLOCK|O_DIRECTORY) = -1 ENOTDIR (Not a directory) open(".", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 6 fstat64(6, {st_mode=S_IFDIR|0750, st_size=4096, ...}) = 0 fcntl64(6, F_SETFD, FD_CLOEXEC...

I am trying to install samba 4.5.1 from source, as a domain controller only, under Ubuntu 16.04, with ZFS filesystem (actually inside an lxd container with ZFS backing). Out-of-the-box, samba-tool domain provision does not like the filesystem: ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - ProvisioningError: Your filesystem or build does not support posix

Many thanks to the moderator who pointed out errors and suggested the correct information on this post. Over half the ideas are due to him. ;) Don't forget this is about writing your own daemon or TCP program. Some of the ideas here will not happen with today's software that has been hardened. It is presented to prevent your software from being taken advantage of. Most often,