[Samba] Great article on Samba symlink fixes at Linux Weekly News !
Patrick Goetz
pgoetz at math.utexas.edu
Sun Feb 13 19:00:17 UTC 2022
I also don't quite understand the symlink vulnerability.

    open("/my/super/important/stuff")

The concern is that this creates a race condition where someone could

    cd /my/super
    ln -s /your/nefarious/location ./important

where /your/nefarious/location/ includes a stuff/ directory before the
read or write is executed? How would this be possible given that
/my/super/ already includes an important/ directory? Am I completely
missing how this works?

On 2/13/22 12:36, Ralph Boehme wrote:
> On 2/13/22 17:55, Patrick Goetz via samba wrote:
>> OK, so my question is if all the internal functions have been switched
>> to use file handles rather than paths, how is it possible to re-enable
>> SMB1?
>
> just
>
> handle = open(path)
>
> and from then on use the handle. Of course the problem is doing the
> "open" symlink race safe, so in real Samba code we don't use open(2)
> directly, but the complex Samba function non_widelink_open().
>
> -slow
>
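Added example, not part of the original thread and not Samba's code: a minimal C sketch of the "open once, symlink-safe, then use only the handle" idea from the quoted reply. The helper name open_beneath_nofollow(), the fixture names and the /tmp location are assumptions made for illustration; Samba's non_widelink_open() is considerably more involved.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not Samba's non_widelink_open()): open relpath below
 * rootfd one component at a time. Intermediate components must be real
 * directories, and O_NOFOLLOW on every step turns a symlink planted anywhere
 * in the path into an error instead of a redirect. */
int open_beneath_nofollow(int rootfd, const char *relpath, int flags)
{
    char buf[PATH_MAX], *save = NULL, *comp, *next;
    int dirfd, fd, saved;
    if (strlen(relpath) >= sizeof(buf)) { errno = ENAMETOOLONG; return -1; }
    strcpy(buf, relpath);
    if ((dirfd = dup(rootfd)) < 0) return -1;
    for (comp = strtok_r(buf, "/", &save); comp != NULL; comp = next) {
        next = strtok_r(NULL, "/", &save);
        if (strcmp(comp, "..") == 0) { close(dirfd); errno = EACCES; return -1; }
        fd = openat(dirfd, comp,
                    (next ? O_RDONLY | O_DIRECTORY : flags) | O_NOFOLLOW | O_CLOEXEC);
        saved = errno; close(dirfd); errno = saved;
        if (fd < 0) return -1;
        dirfd = fd;   /* from here on only the handle is used, never the path */
    }
    return dirfd;
}

/* Constructed fixture: "important" is real, "swapped" is a symlink to a
 * look-alike directory. Returns 0 when plain openat() follows the link while
 * the helper refuses it and still opens the real path. */
int demo(void)
{
    char root[] = "/tmp/symrace.XXXXXX";
    int rootfd, plain, real, linked;
    if (!mkdtemp(root) || (rootfd = open(root, O_RDONLY | O_DIRECTORY)) < 0) return -1;
    mkdirat(rootfd, "important", 0700);
    mkdirat(rootfd, "nefarious", 0700);
    close(openat(rootfd, "important/stuff", O_CREAT | O_WRONLY, 0600));
    close(openat(rootfd, "nefarious/stuff", O_CREAT | O_WRONLY, 0600));
    symlinkat("nefarious", rootfd, "swapped");
    plain  = openat(rootfd, "swapped/stuff", O_RDONLY);   /* follows the link */
    real   = open_beneath_nofollow(rootfd, "important/stuff", O_RDONLY);
    linked = open_beneath_nofollow(rootfd, "swapped/stuff", O_RDONLY);
    return (plain >= 0 && real >= 0 && linked < 0) ? 0 : 1;
}
int main(void) { return demo(); }
```

The fixture directory under /tmp is left in place so the layout can be inspected afterwards.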