[PATCH] s3: introduce new share parameter "open special files"
Volker Lendecke
Volker.Lendecke at SerNet.DE
Sat May 4 02:09:00 MDT 2013
On Fri, May 03, 2013 at 04:55:50PM -0400, Simo wrote:
> On 05/03/2013 07:15 AM, Ralph Wuerthner wrote:
> >Hi list,
> >
> >attached patch introduces a new share parameter "open special files" to control whether special files such as sockets, devices and fifo's will be opened by the server or not. If set to "no" open requests to special files will fail with "access denied". Default value for "open special files" is "no".
> >
> >Access to special files impose a security risk because it may for example allow remote clients raw access to local hard drives or kernel memory.
> >
> >Regards
> >
> > Ralph
>
> Access do device files is already regulated via file system
> permissions, why do we need an additional special option ?
> In what case it is ok to give a user access on a file locally but
> artificially prevent that access via samba ?
It's in the same line as the "wide links" option. If you
have a problem with links pointing out of your share file
system, your permissions are not right either.
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
More information about the samba-technical
mailing list