BugTraq Post: Symlink attack in (all?) Samba. - Local root
walkthrough by Tozz
Jani Jaakkola
jjaakkol at cs.Helsinki.FI
Fri Dec 15 11:45:12 GMT 2000
On Fri, 15 Dec 2000, Andrew Bartlett wrote:
> Robert Dahlem wrote:
> > This is a list of users who will be granted administrative
> > privileges on the share. This means that they
> > will do all file operations as the super-user (root).
> >
> > You should use this option very carefully, as any user in this
> > list will be able to do anything they like on
> > the share, irrespective of file permissions.
>
> Maybe a small note should be added here to the effect of 'if you would
> like your admin users in any way constrained (despite their root status)
> the wide links parameter could be useful'.
It would make this kind of attack harder but not impossible. Even with
wide links parameter there are still ways to use race conditions to make
samba follow symlinks. There was discussion about this on the list many
months ago.
It is possible to patch samba to be able not to ever follow symlinks in
any situations (I actually promised to look into it), but since POSIX has
little or no support for that kind of thing it gets very complicated with
a significant performance hit. It probably is wiser and easier to patch
your filesystem to provide a way to ignore symlinks (completely or
conditionally).
- Jani
More information about the samba-technical
mailing list