[Samba] Great article on Samba symlink fixes at Linux Weekly News !

Patrick Goetz pgoetz at math.utexas.edu
Sun Feb 13 19:00:17 UTC 2022

I also don't quite understand the symlink vulnerability.


The concern is that this creates a race condition where someone could

   cd /my/super
   ln -s /your/nefarious/location ./important

where /your/nefarious/location/ includes a stuff/ directory before the 
read or write is executed? How would this be possible given that 
/my/super/ already includes an important/ directory?  Am I completely 
missing how this works?

On 2/13/22 12:36, Ralph Boehme wrote:
> On 2/13/22 17:55, Patrick Goetz via samba wrote:
>> OK, so my question is if all the internal functions have been switched 
>> to use file handles rather than paths, how is it possible to re-enable 
>> SMB1?
> just
>    handle = open(path)
> and from then on use the handle. Of course the problem is doing the 
> "open" symlink race safe, so in real Samba code we don't use open(2) 
> directly, but the complex Samba function non_widelink_open().
> -slow
> This message is from an external sender. Learn more about why this 
> matters. <https://ut.service-now.com/sp?id=kb_article&number=KB0011401>

More information about the samba mailing list