BUG: Wide Links - does not work as documented
Jeremy Allison
jeremy at valinux.com
Thu Apr 13 17:36:59 GMT 2000
Jani Jaakkola wrote:
>
>
> - In any case, there is a race condition between check_name() and
> the actual open or opendir system call. So:
> o samba sees a file which is not a symlink
> o a context switch happens. User removes the file and creates a symlink
> in its place
> o context is switched back to samba. Samba opens the file which is
> a symlink to /etc/passwd
>
> So in conclusion: "wide links" and "follow symlinks" are _not_ useful as
> security features
No, but then again they never were ! Because of course of the race condition
described above, which we have known since the code was written.
They are a *convenience* - and I believe the docs say so.
> 3. open the basename of the file with O_NOFOLLOW given to open.
Not at all portable I'm afraid.
> My problem is, that I want to enable symlinks, but only allow them
> followed inside the share directory and also make it work securely so
> that there is no way around it. I am still willing to provide a
> patch for this, but it will not be as simple as it first seemed to me.
Indeed. That's why a doc change is needed for 2.0.7.
Jeremy
--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
More information about the samba-technical
mailing list