[PATCH] s3: introduce new share parameter "open special files"
Ralph Wuerthner
ralphw at de.ibm.com
Mon May 6 07:29:11 MDT 2013
On Fri, 03 May 2013 16:55:50 -0400
Simo <simo at samba.org> wrote:
> On 05/03/2013 07:15 AM, Ralph Wuerthner wrote:
> > Hi list,
> >
> > attached patch introduces a new share parameter "open special
> > files" to control whether special files such as sockets, devices
> > and fifo's will be opened by the server or not. If set to "no" open
> > requests to special files will fail with "access denied". Default
> > value for "open special files" is "no".
> >
> > Access to special files impose a security risk because it may for
> > example allow remote clients raw access to local hard drives or
> > kernel memory.
> >
> > Regards
> >
> > Ralph
>
> Access do device files is already regulated via file system
> permissions, why do we need an additional special option ?
> In what case it is ok to give a user access on a file locally but
> artificially prevent that access via samba ?
Volker Lendecke described our scenario: a shared file system between NFS
for diskless workstations and CIFS. But Andrew Bartlett proposed a much
simpler solution which will make this patch obsolete for us: use the
'nodev' mount option.
Regards
Ralph
More information about the samba-technical
mailing list