BUG: Wide Links - does not work as documented

Jeremy Allison jeremy at valinux.com
Thu Apr 13 17:36:59 GMT 2000

Jani Jaakkola wrote:
> - In any case, there is a race condition between check_name() and
>   the actual open or opendir system call. So:
>   o samba sees a file which is not a symlink
>   o a context switch happens. User removes the file and creates a symlink
>     in its place
>   o context is switched back to samba. Samba opens the file which is
>     a symlink to /etc/passwd
> So in conclusion: "wide links" and "follow symlinks" are _not_ useful as
> security features 

No, but then again they never were ! Because of course of the race condition
described above, which we have known since the code was written.

They are a *convenience* - and I believe the docs say so.

> 3. open the basename of the file with O_NOFOLLOW given to open.

Not at all portable I'm afraid.

> My problem is, that I want to enable symlinks, but only allow them
> followed inside the share directory and also make it work securely so
> that there is no way around it. I am still willing to provide a
> patch for this, but it will not be as simple as it first seemed to me.

Indeed. That's why a doc change is needed for 2.0.7.


Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.

More information about the samba-technical mailing list