Claimed Zero Day exploit in Samba.
Michael Gilbert
michael.s.gilbert at gmail.com
Sat Feb 6 12:24:55 MST 2010
On Sat, 06 Feb 2010 14:12:38 -0500 simo wrote:
> > It would be feature-complete for users and administrators to control whether a
> > remote user is trying to link outside his share because a user might want to
> > link a directory in his own share, and an administrator might want to link a
> > directory for users inside their shares.
>
> Unfortunately it is not possible to have your cake and eat it too. If
> you want unix extensions and you do not want to severely limit what can
> be done with it, then you must allow to create any symbolic link.
Like I said before, and as Jeremy concurred, the ideal (but potentially
very complex) solution is to detect when remote users attempt to jump to
a target outside of their authorized shares and prevent that.
> Patch is here:
> http://gitweb.samba.org/?p=samba.git;a=commit;h=bd269443e311d96ef495a9db47d1b95eb83bb8f4
good news! thanks,
mike
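
One way to express the check described in the reply above, deciding whether a link's resolved target still lies inside the share, as an added example that is not code from this thread or from Samba. The names `path_within_share` and `demo_check` are hypothetical, and the directory tree is constructed for the demonstration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* realpath(path, NULL), mkdtemp, symlink */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not Samba code. Returns 1 if `path`, with every
 * symlink resolved, is the share root or below it; 0 if it lands outside;
 * -1 if a path cannot be resolved (e.g. dangling link): treat as deny. */
int path_within_share(const char *share_root, const char *path)
{
    char *root = realpath(share_root, NULL);
    char *target = root ? realpath(path, NULL) : NULL;
    int inside = -1;

    if (root && target) {
        size_t n = strlen(root);
        if (n == 1)   /* canonical root of length 1 is "/" */
            inside = 1;
        else          /* compare on a component boundary: /a/share != /a/share2 */
            inside = strncmp(root, target, n) == 0 &&
                     (target[n] == '\0' || target[n] == '/');
    }
    free(root);
    free(target);
    return inside;
}

/* Constructed sample tree in a fresh temp dir (left in place afterwards):
 * share/, share/sub/, share2/, and share/link -> `link_target`. */
int demo_check(const char *link_target)
{
    char base[] = "/tmp/sharedemoXXXXXX", share[64], p[96];
    if (mkdtemp(base) == NULL)
        return -2;
    snprintf(share, sizeof share, "%s/share", base);
    mkdir(share, 0700);
    snprintf(p, sizeof p, "%s/sub", share);
    mkdir(p, 0700);
    snprintf(p, sizeof p, "%s/share2", base);
    mkdir(p, 0700);
    snprintf(p, sizeof p, "%s/link", share);
    if (symlink(link_target, p) != 0)
        return -2;
    return path_within_share(share, p);
}
```

A check like this, made before a separate open call, can be raced if the link is replaced in between, so the result only holds for the moment it was computed.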