[Samba] symlinks loop detection in Samba?

Ralph Boehme slow at samba.org
Mon Jan 18 10:58:10 UTC 2021

Am 1/18/21 um 11:41 AM schrieb Giuseppe Lo Presti via samba:
> Following an old thread at [1] I wonder whether there's been any 
> thought/plan to implement symbolic links loop detection in smbd.

what do you mean? smbd will detect loops because the kernel tells us 
about loops with ELOOP.

There's an additional twist in the open code path where we implement 
secure symlink deferrals avoiding share escape. This code has a limit of 
following 20 symlinks before it gives up.

What's missing?

> This was seen on our setup with Samba 4.11.16, and for now we have 
> deployed a workaround in our own filesystem implementation to stop the 
> looping (by essentially hiding symlinks that point up the hierarchy, so 
> Windows clients would not have a chance to loop on them). But I guess it 
> would be nice if symlinks can be fully supported (i.e. keeping `follow 
> symlinks = yes` whilst detecting loops), compensating the lack of 
> support from Windows.

I hate to say it, but symlinks are fully supported.

>  From that thread it seems Jeremy had some ideas, not sure how this went 
> and whether there's some option I've missed that would do the trick.

This is still being worked (SMB2 UNIX Extensions that is) -- any help is 
welcome! :)


Ralph Boehme, Samba Team                https://samba.org/
Samba Developer, SerNet GmbH   https://sernet.de/en/samba/
GPG-Fingerprint   FAE2C6088A24252051C559E4AA1E9B7126399E46

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20210118/9f48a2d6/OpenPGP_signature.sig>

More information about the samba mailing list