[Samba] can't turn on wide links in homedir

umage theultramage at gmail.com
Mon Sep 12 11:31:37 MDT 2011


On 12. 9. 2011 19:21, Jeremy Allison wrote:
> We needed to make it impossible to configure Samba insecurely.
> At the time this was proposed, it was posted to the list and
> no dissenting voices were heard.
>
> Since then there have been a couple of people with the desire
> to configure Samba in a completely insecure mode like yourself,
> and there is a proposed patch to allow Samba to be run with
> this known security hole. As you may imagine, I'm not too keen
> on this but we may decide to add it in for people who desire
> insecure setups.
>
> Jeremy.
Well, I'm not too sure about the real security implications of this
thing. I could restrict the flag to homedirs only - and since homedirs
are private to the person accessing them, unless the user symlinks /
into his public_html dir it shouldn't be that bad... but I can
understand that someone wishing to lock down a system would want to
minimize risks (although then why does he give out local ssh accounts?).
For my personal use I dug through the sources a bit and disabled the
stuff in widelinks_warning() and lp_widelinks(), so there's no
particular time pressure from my side :)

