[Samba] unix exts / wide links / symlinks
Brother Railgun of Reason
alaric at caerllewys.net
Wed Mar 3 12:29:47 MST 2010
On Wed, Mar 03, 2010 at 11:25:03AM -0800, Jeremy Allison wrote:
> On Wed, Mar 03, 2010 at 01:58:58PM -0500, Brother Railgun of Reason wrote:
>
> > This can be interpreted either of two ways. Do you mean that you think
> > users should not be able to *enable* following wide symlinks (which I
> > understand to mean symbolic links whose target is located outside the
> > share), or should not be able to *disable* it?
>
> Users should not be able to enable following wide symlinks
> if "unix extensions = yes" (which means that symlinks can
> be dynamically created by clients).
>
> That's the basis of the security problem.
>
> If you want to allow both following wide symlinks
> and arbitrary client creation of symlinks then
> you need to change the code and recompile, as
> the combination is inherently unsafe.
Ahhh. That makes sense. I didn't know there was a capability for
Windows clients to be able to create Unix symlinks on a Samba share.
--
Phil Stracchino, CDK#2 DoD#299792458 ICBM: 43.5607, -71.355
alaric at caerllewys.net alaric at metrocast.net phil at co.ordinate.org
Renaissance Man, Unix ronin, Perl hacker, Free Stater
It's not the years, it's the mileage.
More information about the samba
mailing list