CIFS extensions for UNIX
Jeremy Allison
jra at samba.org
Fri Feb 1 11:22:16 GMT 2002
On Fri, Feb 01, 2002 at 03:21:21PM +1100, John Newbigin wrote:
> I have implemented follow_link which makes symlinks work properly on the
> client but it highligts a problem with SMB_QUERY_FILE_UNIX_BASIC.
>
> There needs to be a version which always does an lstat
> (SMB_QUERY_FILE_UNIX_LINK_BASIC?) (does_this_name_look_to_long?). This
> needs to be the same as SMB_QUERY_FILE_UNIX_BASIC in all respects except
> that it does an lstat.
>
> There are also other stat v lstat problems with the current samba code.
> SMB_QUERY_FILE_UNIX_LINK currently does no do an lstat.
>
> In trans2.c call_trans2qfilepathinfo() there is some code which is
> perhaps meant to address this but I can't see how/what it is attempting
> to do:
Yes this was broken. I've (hopefully) fixed this in SAMBA_2_2 CVS
today. Please check out and test asap. I won't hold the release
for this.
> At any rate, the server needs to allow the client do request a stat or
> an lstat when it does a query.
The new code always does a lstat for UNIX extensions.
> Another issue relating to links is that samba appears to not want to
> create dangling symlinks. If symlinks are for the clients to resolve
> then this will prevent the creation of symlinks. This needs to be
> addressed. If it is a security issue then a config option to turn it on
> and off is probably required.
Yes this is a security issue - allowing dangling symlinks means
clients that don't resolve symlinks could open any file on the
system. A config option has already been discussed but I wasn't
going to make 2.2.3 wait for it.
Jeremy.
More information about the samba-technical
mailing list