[RFC] docs: remark about "veto files"

Uri Simchoni uri at samba.org
Mon Dec 17 13:20:15 UTC 2018 

Hi!

As part of the effort of cleaning up github pull requests, here's pull
request #142 (https://github.com/samba-team/samba/pull/142). The
question I have is whether this text describes a bug, or the intended
behavior.

Another point about this PR is that it doesn't contain a Signed-off-by
line, but I think we have precedents for that when it comes to small
changes.

Finally, if this is to be accepted as a documentation change, please
review and maybe push (RB+ me in that case...)

Thanks,
Uri.
-------------- next part --------------
From 25873208212b513c254887260ca042ec15418f39 Mon Sep 17 00:00:00 2001
From: stilez <stilez at users.noreply.github.com>
Date: Wed, 7 Mar 2018 15:44:06 +0000
Subject: [PATCH] Significant security point about veto files.

It might be expected that this parameter inherits on a directory, or prevents traversal. It only prevents the viewing or access of a listed directory, not its contents. Worth a mention.
---
 docs-xml/smbdotconf/filename/vetofiles.xml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/docs-xml/smbdotconf/filename/vetofiles.xml b/docs-xml/smbdotconf/filename/vetofiles.xml
index acbc3dcffb3..dd12e88e458 100644
--- a/docs-xml/smbdotconf/filename/vetofiles.xml
+++ b/docs-xml/smbdotconf/filename/vetofiles.xml
@@ -4,9 +4,11 @@
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
  <description>
 	<para>
-	This is a list of files and directories that are neither visible nor accessible.  Each entry in 
-	the list must be separated by a '/', which allows spaces to be included in the entry. '*' and '?' 
-	can be used to specify multiple files or directories as in DOS wildcards.
+	This is a list of files and directories that are neither visible nor accessible.  Each entry in
+	the list must be separated by a '/', which allows spaces to be included in the entry. '*' and '?'
+	can be used to specify multiple files or directories as in DOS wildcards. Note that directories in
+	the list can still be traversed, and their contents remain accessible using symlinks (if enabled),
+	since the parameter does not affect the contents of a directory but only the directory itself.
 	</para>
 
 	<para>
-- 
2.19.2

More information about the samba-technical mailing list