Claimed Zero Day exploit in Samba.
eren at pardus.org.tr
Sat Feb 6 10:44:18 MST 2010
On Friday 05 February 2010 10:06:35 pm Michael Gilbert wrote:
> while more secure (hardened) defaults are good, wouldn't it be more
> effective to tackle the root cause of the problem? i.e. on the server
> side, detect attempts by remote users to create symlinks to targets
> outside of their authorized shares and prevent that.
As far as I read, the current situation comes down to 2 options.
1- "unix extensions = no", "wide links = yes"
With these options set, a samba administrator can link a directory (say
/usr/lib) on a samba share and users can see it. However, users can not link
anything. Even inside a samba share.
2- "unix extensiosn = yes", "wide links = no"
Symbolic linking is completely disabled. Even if a samba administrator links a
directory, users cannot follow symbolic links nor they can create.
It would be feature-complete for users and administrators to control whether a
remote user is trying to link outside his share because a user might want to
link a directory in his own share, and an administrator might want to link a
directory for users inside their shares.
I'm sure Samba team is working on it. However, I don't know how Samba
developers are treating this issue. In my humble opinion, this issue deserves
I would be happy if I can learn when Samba team will respond to this issue
with a patch. Although setting proper configuration solves the issue, applying
proper fix without breaking anything would be appreciative.
My best regards,
More information about the samba-technical