Claimed Zero Day exploit in Samba.
Jeremy Allison
jra at samba.org
Fri Feb 5 13:46:06 MST 2010
On Fri, Feb 05, 2010 at 03:48:37PM -0500, Michael Gilbert wrote:
>
> in your original description, you stated that "wide links = no" will
> generate an "access denied" error when a "wide link" is accessed;
> however, you didn't mention that creation of "wide links" is also
> prevented. if this is true, then that is a very satisfactory
> solution.
No, it's actually incorrect. If "wide links = no", then no
one can ever access anything off share, and so UNIX symlinks
should be allowed to point to anywhere they like, as UNIX
clients will follow them locally, not on the server.
> however, i think that the prevention code itself already
> solves the root of the issue, and enabling that by default would fully
> solve the problem.
Nope - see above :-).
> i can understand giving the local administrator this capability.
> however, i don't see the need for remote users to have such authority
> (although any enlightenment would be very much appreciated).
Imagine an app running on a Linux client that needs a symlink
to /usr/local/lib inside it's filespace (don't know why, but
it might :-). If that app is run off a CIFSFS share creating
the /usr/local/lib symlink would fail with "wide links = no",
which is not what you want.
Jeremy.
More information about the samba-technical
mailing list