Claimed Zero Day exploit in Samba.

Michael Gilbert michael.s.gilbert at gmail.com
Sat Feb 6 12:29:29 MST 2010


On Sat, 6 Feb 2010 14:24:55 -0500 Michael Gilbert wrote:

> On Sat, 06 Feb 2010 14:12:38 -0500 simo wrote:
> > > It would be feature-complete for users and administrators to control whether a 
> > > remote user is trying to link outside his share because a user might want to 
> > > link a directory in his own share, and an administrator might want to link a 
> > > directory for users inside their shares.
> > 
> > Unfortunately it is not possible to have your cake and eat it too. If
> > you want unix extensions and you do not want to severely limit what can
> > be done with it, then you must allow to create any symbolic link.
> 
> like i said before and concurred by Jeremy, the ideal (but potentially
> very complex) solution is to detect when remote users attempt to jump to
> a target outside of their authorized shares and prevent that.

i've got a sinking feeling that symlinks are not the only way to
achieve this goal.  i guess we'll see whether we get a new disclosure
on that sometime soon.

mike
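
The check discussed in this thread (detect when a path reached through a share resolves outside that share, and refuse it) can be sketched as follows. This is an added example, not code from Samba or from anyone in the thread; the function names, the "share" layout and the temp-directory tree are constructed for illustration. It compares the resolved location against the resolved share root, so it applies to ".." components as well as symlinks.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if `path` resolves (symlinks and ".." followed) to a location
 * at or below `share_root`, 0 if it escapes, -1 if either cannot be resolved.
 * The answer only holds at call time: a link swapped afterwards defeats it,
 * so a server must enforce this at open time, not as a separate pre-check. */
int resolves_inside_share(const char *share_root, const char *path)
{
    char root[PATH_MAX], target[PATH_MAX];
    if (!realpath(share_root, root) || !realpath(path, target))
        return -1;
    size_t n = strlen(root);
    if (n == 1) return 1;                 /* share root is "/" itself */
    if (strncmp(root, target, n) != 0)
        return 0;
    /* Boundary check: ".../share" must not match ".../share-other". */
    return target[n] == '\0' || target[n] == '/';
}

/* Builds a constructed demo tree in a fresh temp dir and chdir()s into it. */
int build_demo_tree(char *base, size_t len)
{
    const char *dirs[] = { "share", "share/docs", "share-other", "secret" };
    snprintf(base, len, "/tmp/sharedemoXXXXXX");
    if (!mkdtemp(base) || chdir(base) != 0) return -1;
    for (int i = 0; i < 4; i++)
        if (mkdir(dirs[i], 0700) != 0) return -1;
    /* Symlink targets are interpreted relative to the link's directory. */
    return (symlink("docs", "share/inner") || symlink("../secret", "share/escape")
            || symlink("../share-other", "share/sibling")) ? -1 : 0;
}

int main(void)
{
    char base[PATH_MAX];
    const char *paths[] = { "share/inner", "share/escape", "share/sibling",
                            "share/docs/../../secret" };
    if (build_demo_tree(base, sizeof base) != 0) return 1;
    for (int i = 0; i < 4; i++)
        printf("%-26s inside=%d\n", paths[i], resolves_inside_share("share", paths[i]));
    return 0;
}
```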


More information about the samba-technical mailing list