[Samba] symlinks loop detection in Samba?
Ralph Boehme
slow at samba.org
Mon Jan 18 10:58:10 UTC 2021
Am 1/18/21 um 11:41 AM schrieb Giuseppe Lo Presti via samba:
> Following an old thread at [1] I wonder whether there's been any
> thought/plan to implement symbolic links loop detection in smbd.
what do you mean? smbd will detect loops because the kernel tells us
about loops with ELOOP.
There's an additional twist in the open code path where we implement
secure symlink deferrals avoiding share escape. This code has a limit of
following 20 symlinks before it gives up.
What's missing?
> This was seen on our setup with Samba 4.11.16, and for now we have
> deployed a workaround in our own filesystem implementation to stop the
> looping (by essentially hiding symlinks that point up the hierarchy, so
> Windows clients would not have a chance to loop on them). But I guess it
> would be nice if symlinks can be fully supported (i.e. keeping `follow
> symlinks = yes` whilst detecting loops), compensating the lack of
> support from Windows.
I hate to say it, but symlinks are fully supported.
> From that thread it seems Jeremy had some ideas, not sure how this went
> and whether there's some option I've missed that would do the trick.
This is still being worked (SMB2 UNIX Extensions that is) -- any help is
welcome! :)
-slow
--
Ralph Boehme, Samba Team https://samba.org/
Samba Developer, SerNet GmbH https://sernet.de/en/samba/
GPG-Fingerprint FAE2C6088A24252051C559E4AA1E9B7126399E46
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20210118/9f48a2d6/OpenPGP_signature.sig>
More information about the samba
mailing list