issues with 4.10.16 UnixWare port
Jeremy Allison
jra at samba.org
Fri Mar 4 19:29:14 UTC 2022
On Fri, Mar 04, 2022 at 10:04:53AM -0800, Tim Rice via samba-technical wrote:
>
>I am attempting to do some initial tests on my UnixWare port
>of samba-4.10.16. (4.15.3 required symlinkat, readlinkat, etc. UW
>does not have)

Just an FYI. Without the XXXXat() system calls Samba
will never be safe against symlink attacks on this
platform (neither will any other user-space code,
so I don't feel particularly picked on here :-).
Please explain this to any users of your port,
so they only expose files over SMB2+ (which renders
them safe vs. SMB symlink attacks, but not local
ones).
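
Why the *at() calls matter for symlink safety, as an added example that is not part of the original message and is not Samba's code: a path is walked one component at a time, each resolved against an already-open directory fd with O_NOFOLLOW, which cannot be done race-free with path-based open() and lstat() alone. The names `open_beneath` and `run_demo` and the fixture paths under /tmp are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, not Samba code. Open rel beneath rootfd one component at a
 * time. Each step is resolved against an already-open directory fd with
 * O_NOFOLLOW, so a symlink swapped in between check and use is refused. */
int open_beneath(int rootfd, const char *rel, int flags)
{
    char buf[1024], *save = NULL, *comp, *next;
    int dirfd, fd, err;

    if (strlen(rel) >= sizeof(buf)) { errno = ENAMETOOLONG; return -1; }
    strcpy(buf, rel);
    if ((dirfd = dup(rootfd)) < 0) return -1;
    for (comp = strtok_r(buf, "/", &save); comp != NULL; comp = next) {
        next = strtok_r(NULL, "/", &save);
        if (strcmp(comp, "..") == 0) { close(dirfd); errno = EACCES; return -1; }
        /* Intermediate components must be real directories, never links. */
        fd = openat(dirfd, comp, O_NOFOLLOW | (next ? O_RDONLY | O_DIRECTORY : flags));
        err = errno; close(dirfd); errno = err;   /* keep openat()'s errno */
        if (fd < 0) return -1;
        dirfd = fd;
    }
    return dirfd;
}

/* Constructed fixture (left in /tmp): data/ok.txt, link -> data,
 * data/alias -> ok.txt. Returns a bitmask of which test paths opened. */
int run_demo(void)
{
    const char *p[] = { "data/ok.txt", "link/ok.txt", "data/alias", "data/../data/ok.txt" };
    char root[] = "/tmp/openat-demo-XXXXXX";
    int rootfd, fd, i, ok = 0;
    if (!mkdtemp(root) || (rootfd = open(root, O_RDONLY | O_DIRECTORY)) < 0) return -1;
    if (mkdirat(rootfd, "data", 0700) || symlinkat("data", rootfd, "link") ||
        symlinkat("ok.txt", rootfd, "data/alias")) return -1;
    close(openat(rootfd, "data/ok.txt", O_CREAT | O_WRONLY, 0600));
    for (i = 0; i < 4; i++)
        if ((fd = open_beneath(rootfd, p[i], O_RDONLY)) >= 0) { ok |= 1 << i; close(fd); }
    close(rootfd);
    return ok;
}

int main(void) { printf("opened paths (bitmask): %d\n", run_demo()); return 0; }
```

Only the plain path `data/ok.txt` opens; the path through a symlinked directory, the symlinked final component and the `..` traversal are all refused.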