smbd: Security fix for systems without O_PATH

Further up we add O_PATH manually. Initial development versions of
this code did set the is_pathref, but then I found this potential
problem. I forgot to remove this incarnation of is_pathref=true, doing
it now.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source3/smbd/files.c b/source3/smbd/files.c
index afde81d30706b734cd55c28c85cf38996655a7bb..62ca9fc1c8fb6b4910ce18592e6a9b236b039974 100644 (file)
--- a/source3/smbd/files.c
+++ b/source3/smbd/files.c
@@ -762,8 +762,8 @@ NTSTATUS openat_pathref_dirfsp_nosymlink(
 #ifdef O_PATH
        /*
         * Add O_PATH manually, doing this by setting
-        * fsp->fsp_flags.is_pathref will make us become_root(), which
-        * would cause a security problem.
+        * fsp->fsp_flags.is_pathref will make us become_root() in the
+        * non-O_PATH case, which would cause a security problem.
         */
        flags |= O_PATH;
 #else
@@ -901,7 +901,6 @@ next:
                                          nt_errstr(status));
                                goto fail;
                        }
-                       fsp->fsp_flags.is_pathref = true;
                        fsp->fsp_name = &full_fname;
                } else {
                        fsp = tmp;