Claimed Zero Day exploit in Samba.

Thomas Bork tombork at web.de
Fri Feb 5 14:52:01 MST 2010


Jeremy Allison wrote:

> The problem occurs as Samba allows clients using the UNIX
> extensions (which are also turned on by default) to create
> symlinks on remotely mounted shares on which they have write
> access that point to any path on the file system.

But this is not possible, if 'unix extensions = no' is set on the server 
side, isn't it?

> This is by design, as applications running on UNIX clients
> may have good reasons to create symlinks anywhere on the
> filesystem they have write access that point to local files
> (such as /etc/passwd).
>
> UNIX clients will resolve these links locally, but Windows
> clients will resolve them on the server. It is this combination
> that causes the problem.

I think it is a nice feature to symlink to areas outside a share, 
because I don't have to double the data.

If

'wide links = yes'

and

'unix extensions = no'

is set on the server side, this cannot be exploited, correct?

-- 
der tom


More information about the samba-technical mailing list