[Samba] Great article on Samba symlink fixes at Linux Weekly News !
pgoetz at math.utexas.edu
Sun Feb 13 19:00:17 UTC 2022
I also don't quite understand the symlink vulnerability.
The concern is that this creates a race condition where someone could
ln -s /your/nefarious/location ./important
where /your/nefarious/location/ includes a stuff/ directory before the
read or write is executed? How would this be possible given that
/my/super/ already includes an important/ directory? Am I completely
missing how this works?
On 2/13/22 12:36, Ralph Boehme wrote:
> On 2/13/22 17:55, Patrick Goetz via samba wrote:
>> OK, so my question is if all the internal functions have been switched
>> to use file handles rather than paths, how is it possible to re-enable
> handle = open(path)
> and from then on use the handle. Of course the problem is doing the
> "open" symlink race safe, so in real Samba code we don't use open(2)
> directly, but the complex Samba function non_widelink_open().
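The "open once, then use the handle" idea from the quoted reply, as an added example that is not part of the original messages and is not Samba's non_widelink_open(). It is a simplified sketch for Linux/POSIX.1-2008; the names open_beneath and demo, and the temporary directory layout, are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Walk relpath beneath rootfd one component at a time. With O_NOFOLLOW,
 * openat() refuses a symlink component (ELOOP or ENOTDIR), so a directory
 * swapped for a symlink cannot redirect the walk. flags must not contain
 * O_CREAT. Returns an fd, or -1 with errno set. */
int open_beneath(int rootfd, const char *relpath, int flags)
{
    char buf[4096], *save = NULL, *next;
    if (relpath[0] == '/' || strlen(relpath) >= sizeof(buf)) { errno = EINVAL; return -1; }
    strcpy(buf, relpath);
    int dirfd = dup(rootfd);
    for (char *comp = strtok_r(buf, "/", &save); dirfd >= 0 && comp; comp = next) {
        next = strtok_r(NULL, "/", &save);
        int f = (next ? O_RDONLY | O_DIRECTORY : flags) | O_NOFOLLOW | O_CLOEXEC;
        int fd = strcmp(comp, "..") ? openat(dirfd, comp, f) : (errno = EACCES, -1);
        int saved = errno;
        close(dirfd);          /* the parent handle is no longer needed */
        errno = saved;
        dirfd = fd;            /* -1 ends the loop, otherwise descend */
    }
    return dirfd;
}

/* Constructed fixture: important/ becomes a symlink to ../outside, as with the
 * `ln -s` in the message. Returns 1 if only the path-based open follows it. */
int demo(void)
{
    char top[] = "/tmp/symrace.XXXXXX";
    if (mkdtemp(top) == NULL) return -1;
    int t = open(top, O_RDONLY | O_DIRECTORY);
    mkdirat(t, "share", 0700);
    mkdirat(t, "share/important", 0700);
    mkdirat(t, "outside", 0700);
    close(openat(t, "share/important/stuff", O_CREAT | O_WRONLY, 0600));
    close(openat(t, "outside/stuff", O_CREAT | O_WRONLY, 0600));
    int root = openat(t, "share", O_RDONLY | O_DIRECTORY);
    int before = open_beneath(root, "important/stuff", O_RDONLY);
    renameat(t, "share/important", t, "share/important.old");
    symlinkat("../outside", t, "share/important");
    int plain = openat(root, "important/stuff", O_RDONLY);       /* follows the link */
    int after = open_beneath(root, "important/stuff", O_RDONLY); /* refused */
    return before >= 0 && plain >= 0 && after == -1;
}
```

The handle returned before the swap still refers to the original file, which is why code that keeps using the handle instead of re-resolving the path is not affected by a later symlink.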