Patch for unix extensions
Simo Sorce
idra at samba.org
Wed Jan 1 12:02:00 GMT 2003
My idea was this:
let make it so taht if unix extensions are enabled, then we NEVER
resolve the links if we permit link creation.
If we do not want to have it so rigid, we may also add a proper option,
something like "wide unix symlinks" with all the proper warnings and
normally disabled. Then if you do a normal call, the link will be
honoured only if inside the exported file system.
This way the trick cannot work, and unix applications (or setups) that
rely on symlinks to work well are happy.
Simo.
On Tue, 2002-12-31 at 20:48, jra at dp.samba.org wrote:
> On Tue, Dec 31, 2002 at 10:36:33AM +0100, Simo Sorce wrote:
> >
> > Jeremy,
> > in case of unix extensions, shouldn't we pass the symlink as is and not
> > resolve it?
>
> Yes we do - if the client uses the UNIX extensions to
> readlink. The problem is a UNIX extension client could
> set a symlink on the server (which in a UNIX <--> UNIX
> scenario would never be resolved on the server, but read
> and resolved on the clients filesystem) and then do a
> normal SMB open call on it to escape the restrictions
> of exporting only a small part of the servers filesystem.
>
> > I think a proper unix-like file system should be able to return links.
>
> It can. I just can't trust the client to do this.
>
> Jeremy.
--
Simo Sorce - idra at samba.org
Samba Team - http://www.samba.org
Italian Site - http://samba.xsec.it
More information about the samba-technical
mailing list