[PATCH][SMB3] allow files to be created with backslash in file name
Jeremy Allison
jra at samba.org
Sun Jan 3 04:13:23 UTC 2021
On Sat, Jan 02, 2021 at 09:45:53PM -0600, Steve French wrote:
>> So just creating a file containing : \ etc. doesn't do
>> this - you have to misconfigure the server FIRST.
>
>I agree that with Samba server this is less common (not sure how many
>vendors set that smb.conf
No one sets it by default to my knowledge.
>parm) but note that "man smb.conf" does not warn that disabling name
>mangling will break
Patches to the manpage welcome :-).
>smbclient (assuming that local files have been created on the server with one of
>the various reserved characters, perhaps over NFS for example). But
>... there are many
>other servers, and I wouldn't be surprised if other servers have
>sometimes returned files
>created by NFS or Ceph or some cluster fs that contain reserved
>characters, even if
>it is illegal.
Sure - but that then becomes a possible CVE for these
filesystem clients if they don't protect themselves
against server attacks.
What does *your* client code do if a server returns a
filename containing a / ? If you pass it up, the upper
layers may screw things up badly.
>> The SMBecho is due to the keepalive failing
>We (SMB/CIFS developers) would know that, but I doubt that all users
>would realize that
>(for example) creating a file over NFS with a reserved character and
>then reexporting the
>file over SMB with Samba configured with managled names off, or with a
>server that
>is less strict than Samba. Seems like it would be better to print a
>warning like:
> "exiting due to invalid character found in file name"
>rather than killing the session and ending up with the (to most users)
>unehelpful error message.
True. Again, patches welcome :-).
More information about the samba-technical
mailing list