[Samba] symlinks loop detection in Samba?

Rowland Penny rpenny at samba.org
Tue Jan 19 17:49:04 UTC 2021


On 19/01/2021 17:37, Jeremy Allison via samba wrote:
> On Tue, Jan 19, 2021 at 04:05:47PM +0100, Giuseppe Lo Presti via samba wrote:
>>
>> Thanks a lot Ralph,
>>
>> To be honest I did not wait for the 40 resolutions to be exceeded, as 
>> currently [*] implemented by the kernel, and thought that some loop 
>> detection would get triggered earlier (similarly to how e.g. `find 
>> -L` is implemented). Indeed I confirm that a Windows client looking 
>> at the properties of a shared folder with only one symlink to '.' 
>> does see exactly 40 folders, so it's all consistent.
>>
>> At the same time, I acknowledge we must keep a loop protection in our 
>> filesystem, because in the general case it does take too much time to 
>> reach 40 path resolutions when a real folder structure is involved, 
>> and a DoS is already happening.
>>
>> Cheers,
>> Giuseppe
>>
>>
>> P.S.: out of curiosity, why did you say "I hate to say, symlinks are 
>> fully supported"? :-)
>
> Symlinks are a blight on a perfectly well designed filesystem. Once
> the VFS work is finished, expect an epic rant (talk :-) I'm planning
> to give :-). Not often I'll say this, but Microsoft got it right
> in Windows on this point.
>
Which is why I never understood why the default for 'follow symlinks' is 
'yes'. I also cannot understand why 'allow insecure wide links' was 
created, probably someone asked for it, but they should have been told no.

Rowland
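
The early loop detection and the link settings discussed in this thread, as an added example that is not part of the original messages and is not Samba code: a pre-export audit that follows symlinks the way a server with 'follow symlinks = yes' would, stops as soon as a directory's device/inode pair matches one of its ancestors instead of waiting for the kernel's 40-resolution limit, and lists links that resolve outside the share root. The names `audit_share` and `build_demo_tree` are hypothetical, the sample tree is constructed, and POSIX paths are assumed.

```python
import os
import tempfile

def audit_share(root):
    """Walk root following symlinks; return (loops, escapes) as lists of paths."""
    root = os.path.realpath(root)
    loops, escapes = [], []

    def walk(path, ancestors):
        st = os.stat(path)                      # follows symlinks
        key = (st.st_dev, st.st_ino)
        if key in ancestors:                    # same directory as an ancestor: loop
            loops.append(path)
            return
        with os.scandir(path) as it:
            entries = sorted(it, key=lambda e: e.name)
        for entry in entries:
            if entry.is_symlink():
                target = os.path.realpath(entry.path)
                if not os.path.exists(target):  # dangling or unresolvable link
                    continue
                if os.path.commonpath([root, target]) != root:
                    escapes.append(entry.path)  # resolves outside the share root
                    continue
            if entry.is_dir():                  # is_dir() follows symlinks by default
                walk(entry.path, ancestors | {key})

    walk(root, frozenset())
    return loops, escapes

def build_demo_tree():
    """Constructed sample: one symlink to '.' and one link leaving the share."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "share")
    os.makedirs(os.path.join(root, "docs"))
    os.makedirs(os.path.join(base, "outside"))
    os.symlink(".", os.path.join(root, "docs", "self"))
    os.symlink(os.path.join(base, "outside"), os.path.join(root, "out"))
    return root

if __name__ == "__main__":
    found_loops, found_escapes = audit_share(build_demo_tree())
    print("loops:", found_loops)
    print("links leaving the share:", found_escapes)
```
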




