RFC: CVE-2017-2619 fix breaks accessing previous versions of directories with snapshots in subdirectories of the share
scott.lovenberg at gmail.com
Fri Jul 7 12:58:10 UTC 2017
> On Jul 7, 2017, at 07:12, Ralph Böhme via samba-technical <samba-technical at lists.samba.org> wrote:
> As explained in <https://bugzilla.samba.org/show_bug.cgi?id=12885>:
> With shadow:snapdirseverywhere=true and a snapshot directory that
> * is a subdirectory of a share
> * and that contains a snapshot directory
> we fail the symlink check in the new function non_widelink_open() because
> parent_dirname() cuts off the subdirectory name leaving only the @GMT stanza
> which is then interpreted by the called functions as being relative to the
> parent directory which it isn't.
> The simplest fix as far as I can see is to leverage the fact that (given the
> system defines O_DIRECTORY) we know when we're called for a directory, so we can
> just directly chdir() into the path passed by the caller.
> Can we rely here on O_DIRECTORY? Linux has it, FreeBSD has it, Solaris has it
> and we probably don't care about the rest.
> The subsequent security check done in check_reduced_name() should continue to
> work with this change.
> I've just fire of a private autobuild with the patchset and will follow up with
> the results (fingers crossed :) ).
Out of curiosity, does this break MSDFS links since they're internally handled like symlinks IIRC?
More information about the samba-technical