Claimed Zero Day exploit in Samba.

Eren Türkay eren at pardus.org.tr
Sat Feb 6 10:44:18 MST 2010


On Friday 05 February 2010 10:06:35 pm Michael Gilbert wrote:
> while more secure (hardened) defaults are good, wouldn't it be more
> effective to tackle the root cause of the problem?  i.e. on the server
> side, detect attempts by remote users to create symlinks to targets
> outside of their authorized shares and prevent that.

As far as I read, the current situation comes down to 2 options.

1- "unix extensions = no", "wide links = yes"

With these options set, a samba administrator can link a directory (say 
/usr/lib) on a samba share and users can see it. However, users can not link 
anything. Even inside a samba share.

2- "unix extensiosn = yes", "wide links = no"

Symbolic linking is completely disabled. Even if a samba administrator links a 
directory, users cannot follow symbolic links nor they can create.

It would be feature-complete for users and administrators to control whether a 
remote user is trying to link outside his share because a user might want to 
link a directory in his own share, and an administrator might want to link a 
directory for users inside their shares.

I'm sure Samba team is working on it. However, I don't know how Samba 
developers are treating this issue. In my humble opinion, this issue deserves 
high priority.

I would be happy if I can learn when Samba team will respond to this issue 
with a patch. Although setting proper configuration solves the issue, applying 
proper fix without breaking anything would be appreciative.

My best regards,
Eren


More information about the samba-technical mailing list