[RFC] docs: remark about "veto files"
uri at samba.org
Mon Dec 17 13:20:15 UTC 2018
As part of the effort of cleaning up github pull requests, here's pull
request #142 (https://github.com/samba-team/samba/pull/142). The
question I have is whether this text describes a bug, or the intended
Another point about this PR is that it doesn't contain a Signed-off-by
line, but I think we have precedents for that when it comes to small
Finally, if this is to be accepted as a documentation change, please
review and maybe push (RB+ me in that case...)
-------------- next part --------------
From 25873208212b513c254887260ca042ec15418f39 Mon Sep 17 00:00:00 2001
From: stilez <stilez at users.noreply.github.com>
Date: Wed, 7 Mar 2018 15:44:06 +0000
Subject: [PATCH] Significant security point about veto files.
It might be expected that this parameter inherits on a directory, or prevents traversal. It only prevents the viewing or access of a listed directory, not its contents. Worth a mention.
docs-xml/smbdotconf/filename/vetofiles.xml | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/docs-xml/smbdotconf/filename/vetofiles.xml b/docs-xml/smbdotconf/filename/vetofiles.xml
index acbc3dcffb3..dd12e88e458 100644
@@ -4,9 +4,11 @@
- This is a list of files and directories that are neither visible nor accessible. Each entry in
- the list must be separated by a '/', which allows spaces to be included in the entry. '*' and '?'
- can be used to specify multiple files or directories as in DOS wildcards.
+ This is a list of files and directories that are neither visible nor accessible. Each entry in
+ the list must be separated by a '/', which allows spaces to be included in the entry. '*' and '?'
+ can be used to specify multiple files or directories as in DOS wildcards. Note that directories in
+ the list can still be traversed, and their contents remain accessible using symlinks (if enabled),
+ since the parameter does not affect the contents of a directory but only the directory itself.
More information about the samba-technical