[Samba] symlinks loop detection in Samba?

Rowland penny rpenny at samba.org
Tue Jan 19 17:49:04 UTC 2021

On 19/01/2021 17:37, Jeremy Allison via samba wrote:
> On Tue, Jan 19, 2021 at 04:05:47PM +0100, Giuseppe Lo Presti via samba 
> wrote:
>> Thanks a lot Ralph,
>> To be honest I did not wait for the 40 resolutions to be exceeded, as 
>> currently [*] implemented by the kernel, and thought that some loop 
>> detection would get triggered earlier (similarly to how e.g. `find 
>> -L` is implemented). Indeed I confirm that a Windows client looking 
>> to the properties of a shared folder with only one symlink to '.' 
>> does see exactly 40 folders, so it's all consistent.
>> At the same time, I acknowledge we must keep a loop protection in our 
>> filesystem, because in the general case it does take too much time to 
>> reach 40 path resolutions when a real folder structure is involved, 
>> and a DoS is already happening.
>> Cheers,
>> Giuseppe
>> P.S.: out of curiosity, why did you say "I hate to say, symlinks are 
>> fully supported"? :-)
> Symlinks are a blight on a perfectly well designed filesystem. Once
> the VFS work is finished, expect an epic rant (talk :-) I'm planning
> to give :-). Not often I'll say this, but Microsoft got it right
> in Windows on this point.
Which is why I never understood why the default for 'follow symlinks' is 
'yes'. I also cannot understand why 'allow insecure wide links' was 
created, probably someone asked for it, but they should have been told no.


More information about the samba mailing list