BUG: Wide Links - does not work as documented
jjaakkol at cs.Helsinki.FI
Mon Apr 10 11:42:57 GMT 2000
On Sat, 8 Apr 2000, Jeremy Allison wrote:
> Peter Polkinghorne wrote:
> > > From looking at the code in lib/util.c for reduce_name(), it because the
> > check is done by chdir to base part of filename. This obviously fails to
> > detect differences for symlinks directly to files.
> > The Solution would be to either change the documentation or make the test
> > detect whether dealing with a symlink at the last level - all a bit tricky.
> I think I'll fix the documentation for 2.0.7. If the code
> behavior is a big issue for someone they can send in a fix :-).
It certainly is and if noone else has not sent the fix, I will do it.
IMHO, the wide symlink feature is useless (and dangerous) if it does not
_really_ restrict access outside the share directory. And our users have
NFS access to the same directory tree, so they can create symlinks.
I am sure that we (Computer Science Department at University of
Helsinki) are not the only organisation who does not give users
remote login access to file servers and for whom wide symlinks is a
useful security feature.
IMHO, This is the kind of thing which should be reported in bugtraq and
would require a "security fix" notice in the release notes.
More information about the samba-technical