[PATCH] Allow reparse points to be created/read/removed over SMB2 from smbclient.
Jeremy Allison
jra at samba.org
Fri Dec 1 17:19:44 UTC 2017
On Fri, Dec 01, 2017 at 09:11:37AM -0800, Jeremy Allison via samba-technical wrote:
> On Fri, Dec 01, 2017 at 09:34:10AM -0700, Daniel Fussell via samba-technical wrote:
> > On 11/29/2017 04:22 PM, Jeremy Allison via samba-technical wrote:
> > > Latest part of my quest to get a working test environment
> > > for reparse points so I can implement them in smbd.
> >
> > Jacob Holtom and I have been working on the smbd symlink reparse point
> > code as well, changing it to properly return the symlink error/reparse
> > responses instead of just adding the reparse tag.
> >
> > Our target environment does not support extended attributes. We've been
> > talking about using the UNIX symlink target as the link-target when the
> > follow symlinks option is enabled. Does anyone have any objections?
>
> Yes, I don't want smbd creating UNIX symlinks anymore.
>
> This has been and continues to be a big security hole.
>
> I only want reparse points stored in EA's.
Expaning further. At least on Linux you can't store
EA's on symlinks. This means you have nowhere to store
the FILE_ATTRIBUTE_REPARSE_POINT bit, and will have
to expose *all* symlinks on the server filesystem as
reparse points.
This is a receipe for disaster. Please don't do this :-).
More information about the samba-technical
mailing list