Claimed Zero Day exploit in Samba.

Michael Gilbert michael.s.gilbert at gmail.com
Fri Feb 5 13:06:35 MST 2010


Jeremy Allison wrote:
> As an example, given a share definition:
>
> [tmp]
> 	path = /tmp
>	read only = no
>	guest ok = yes
>
> The administrator could add a symlink:
>
> $ ln -s /etc/passwd /tmp/passwd
> 
> and SMB/CIFS clients would then see a file called "passwd"
> within the [tmp] share that could be read and would allow
> clients to read /etc/passwd.
[...]
> All future versions of Samba will have the parameter
> "wide links" set to "no" by default, and the manual
> pages will be updated to explain this issue.

while more secure (hardened) defaults are good, wouldn't it be more
effective to tackle the root cause of the problem?  i.e. on the server
side, detect attempts by remote users to create symlinks to targets
outside of their authorized shares and prevent that.

mike


More information about the samba-technical mailing list