svn commit: samba-web r1365 - in trunk/news: .
tridge at samba.org
tridge at samba.org
Fri Feb 5 14:54:11 MST 2010
Author: tridge
Date: 2010-02-05 14:54:11 -0700 (Fri, 05 Feb 2010)
New Revision: 1365
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=1365
Log:
improve layout
Modified:
trunk/news/symlink_attack.html
Changeset:
Modified: trunk/news/symlink_attack.html
===================================================================
--- trunk/news/symlink_attack.html 2010-02-05 21:49:33 UTC (rev 1364)
+++ trunk/news/symlink_attack.html 2010-02-05 21:54:11 UTC (rev 1365)
@@ -8,7 +8,7 @@
<p>A user named "kcopedarookie" posted what they claim to be a video
of a
-zero-day <a href="http://www.youtube.com/watch?v=NN50RtZ2N74&aia=true">exploit
+zero-day <a href="http://www.youtube.com/watch?v=NN50RtZ2N74&aia=true">exploit
in Samba</a> on youtube yesterday.</p>
<p>The video shows modifications to smbclient allowing
@@ -25,6 +25,7 @@
</pre>
in the [global] section of your smb.conf and restart
smbd to eliminate this problem.</p>
+<p></p>
<h5>Longer FAQ: The real issue</h5>
@@ -38,21 +39,21 @@
allows Administrators to locally (on the server) add a symbolic link
inside an exported share which SMB/CIFS clients will follow.</p>
-<p>As an example, given a share definition:
+<p>As an example, given a share definition:</p>
<pre>
[tmp]
path = /tmp
read only = no
guest ok = yes
-</pre></p>
+</pre>
-<p>The administrator could add a symlink:
+<p>The administrator could add a symlink:</p>
<pre>
$ ln -s /etc/passwd /tmp/passwd
</pre>
-and SMB/CIFS clients would then see a file called "passwd" within
+<p>and SMB/CIFS clients would then see a file called "passwd" within
the [tmp] share that could be read and would allow clients to read
/etc/passwd.</p>
More information about the samba-cvs
mailing list