[PATCH] s3: introduce new share parameter "open special files"
Simo
simo at samba.org
Fri May 3 14:55:50 MDT 2013
On 05/03/2013 07:15 AM, Ralph Wuerthner wrote:
> Hi list,
>
> attached patch introduces a new share parameter "open special files" to control whether special files such as sockets, devices and fifo's will be opened by the server or not. If set to "no" open requests to special files will fail with "access denied". Default value for "open special files" is "no".
>
> Access to special files impose a security risk because it may for example allow remote clients raw access to local hard drives or kernel memory.
>
> Regards
>
> Ralph
Access do device files is already regulated via file system permissions,
why do we need an additional special option ?
In what case it is ok to give a user access on a file locally but
artificially prevent that access via samba ?
Simo.
--
Simo Sorce
Samba Team Member <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
More information about the samba-technical
mailing list