Claimed Zero Day exploit in Samba.

Michael Gilbert michael.s.gilbert at gmail.com
Fri Feb 5 14:10:00 MST 2010


On Fri, 5 Feb 2010 12:46:06 -0800, Jeremy Allison wrote:
> On Fri, Feb 05, 2010 at 03:48:37PM -0500, Michael Gilbert wrote:
> > 
> > in your original description, you stated that "wide links = no" will
> > generate an "access denied" error when a "wide link" is accessed;
> > however, you didn't mention that creation of "wide links" is also
> > prevented.  if this is true, then that is a very satisfactory
> > solution.
> 
> No, it's actually incorrect. If "wide links = no", then no
> one can ever access anything off share, and so UNIX symlinks
> should be allowed to point to anywhere they like, as UNIX
> clients will follow them locally, not on the server.
> 
> > however, i think that the prevention code itself already
> > solves the root of the issue, and enabling that by default would fully
> > solve the problem.
> 
> Nope - see above :-).
> 
> > i can understand giving the local administrator this capability.
> > however, i don't see the need for remote users to have such authority
> > (although any enlightenment would be very much appreciated).
> 
> Imagine an app running on a Linux client that needs a symlink
> to /usr/local/lib inside it's filespace (don't know why, but
> it might :-). If that app is run off a CIFSFS share creating
> the /usr/local/lib symlink would fail with "wide links = no",
> which is not what you want.

that's a very good example.  would it be wrong to dictate that local
paths must be hardcoded, rather than symlinked (or manually symlinked
by the samba server administrator)?

mike


More information about the samba-technical mailing list