[OpenAFS] Microsoft Security Bulletin MS10-020 (KB980232) vs OpenAFS

Dave B botsch@cnf.cornell.edu
Wed, 09 Jun 2010 08:51:01 -0400

So, it sounds like we get to choose between..

=E2=80=A2 many applications crashing due to failure to support the query
=E2=80=A2 many applications terminating due to the null security descript=
being returned

Out of curiosity, why can't a not null security descriptor be returned?

On Wed, 2010-05-26 at 16:12 -0500, Jeffrey Altman wrote:
> FYI.  During the April 2010 Windows Update cycle a hot fix to the SMB
> redirector was pushed to Windows machines around the world.=20
> http://www.microsoft.com/technet/security/bulletin/MS10-020.mspx?pubDat=
> What this fix does is add a validation operation on the data structures
> returned when an application issues the GetSecurityInfo() API.=20
> Experience has shown that failure to support this query causes many
> applications to crash.  Therefore, the AFS SMB Server returns a null
> security descriptor.  This descriptor is not considered valid by the ne=
> SMB validation code and the error STATUS_INVALID_NETWORK_RESPONSE is
> returned to the application.  The failure of the API to complete result=
> in the termination of many applications.
> The Windows TCL implementation is known to call this API.
> The hot fix is labeled "critical" because without the validator
> arbitrary data structures can be passed to the application that issues
> the query.
> There is no known fix for the problem that we can apply to OpenAFS at
> the current time.
> Jeffrey Altman
David William Botsch
CNF Computing