[linux-cifs-client] Re: SECURITY: how to disable symlinks on
cifs-client?
Steve French
smfrench at gmail.com
Sun Mar 2 16:27:09 GMT 2008
On Wed, Feb 27, 2008 at 4:55 PM, Ken wrote:
> Hi, is it currently possible to disable (ignore) symlinks, on the client
> (using mount or mount.cifs or autofs), symlinks which are on a remote
> untrusted CIFS/Samba server.
Two cases:
1) the server such as Samba supports the Unix Extensions (which have
native symlink support
in the protocol). In this case the client will read symlinks (unless
unix extensions are disabled
e.g. "nounix" on the mount options). Note that the server can disable support
for "wide links" in smb.conf (ie those which point outside of the server share).
Adding a "no wide links" feature to cifs in order to prevent symlinks
pointing to
something outside of the share would be possible - is there a
precedent in nfs or afs?
2) other types of servers: SFU (Windows "Services for Unix" style
symlinks) will not be read by default (only
if "sfu" mount option is specified). Currently (with mount option
"sfu" specified) the code recognizes but does
not follow SFU symlinks).
--
Thanks,
Steve
More information about the linux-cifs-client
mailing list