[Samba] unix exts / wide links / symlinks

Jeremy Allison jra at samba.org
Wed Mar 3 12:25:03 MST 2010


On Wed, Mar 03, 2010 at 01:58:58PM -0500, Brother Railgun of Reason wrote:

> This can be interpreted either of two ways.  Do you mean that you think 
> users should not be able to *enable* following wide symlinks (which I 
> understand to mean symbolic links whose target is located outside the 
> share), or should not be able to *disable* it?

Users should not be able to enable following wide symlinks
if "unix extensions = yes" (which means that symlinks can
be dynamically created by clients).

That's the basis of the security problem.

If you want to allow both following wide symlinks
and arbitrary client creation of symlinks then
you need to change the code and recompile, as
the combination is inherently unsafe.

Jeremy.


More information about the samba mailing list