[Samba] Great article on Samba symlink fixes at Linux Weekly News !
slow at samba.org
Sun Feb 13 20:00:16 UTC 2022
On 2/13/22 20:00, Patrick Goetz wrote:
> I also don't quite understand the symlink vulnerability.
> The concern is that this creates a race condition where someone could
> cd /my/super
> ln -s /your/nefarious/location ./important
> where /your/nefarious/location/ includes a stuff/ directory before the
> read or write is executed? How would this be possible given that
> /my/super/ already includes an important/ directory? Am I completely
> missing how this works?
The race condition in open() has long been addressed in Samba; this was
addressed by a CVE fix in iirc 4.6.
The remaining problem was all the other path based syscalls we were
still using all over the place to read and write metadata including
xattrs -- which may include more than "just" metadata.
Ralph Boehme, Samba Team https://samba.org/
SerNet Samba Team Lead https://sernet.de/en/team-samba
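
The difference between a path-based metadata call and one made on a handle that was opened without following symlinks, as an added example that is not part of the original message and is not Samba's code. `open_nofollow`, `size_of`, `demo` and the temporary directory layout are hypothetical names and constructed data, and `st_size` stands in for metadata such as xattrs.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open rel below rootfd one component at a time; O_NOFOLLOW makes openat() fail on a symlink. */
static int open_nofollow(int rootfd, const char *rel) {
    char buf[PATH_MAX], *save = NULL;
    if (strlen(rel) >= sizeof buf || strstr(rel, "..")) { errno = EINVAL; return -1; } /* no ".." */
    strcpy(buf, rel);
    int fd = dup(rootfd);
    for (char *c = strtok_r(buf, "/", &save); c && fd >= 0; c = strtok_r(NULL, "/", &save)) {
        int next = openat(fd, c, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
        close(fd);
        fd = next;
    }
    return fd;
}

/* Size of rel below rootfd: by path lookup (by_fd == 0) or via the walked handle (by_fd != 0). */
static long size_of(int rootfd, const char *rel, int by_fd) {
    struct stat st;
    if (!by_fd) return fstatat(rootfd, rel, &st, 0) == 0 ? (long)st.st_size : -1;
    int fd = open_nofollow(rootfd, rel);
    if (fd < 0) return -1;
    long n = fstat(fd, &st) == 0 ? (long)st.st_size : -1;
    close(fd);
    return n;
}

/* Constructed fixture (changes cwd): share/real/stuff = 2 bytes; share/important -> ../outside, outside/stuff = 6 bytes. */
static long demo(const char *rel, int by_fd) {
    char tmpl[] = "/tmp/symlink-demo-XXXXXX";
    if (!mkdtemp(tmpl) || chdir(tmpl) != 0) return -2;
    if (system("mkdir -p share/real outside && printf ok > share/real/stuff && "
               "printf secret > outside/stuff && ln -s ../outside share/important")) return -2;
    int share = open("share", O_RDONLY | O_DIRECTORY);
    long n = size_of(share, rel, by_fd);
    close(share);
    return n;
}

int main(void) {
    return printf("by path: %ld, by handle: %ld\n", demo("important/stuff", 0), demo("important/stuff", 1)) < 0;
}
```

Because every step acts on a descriptor that is already held, replacing a directory with a symlink after the walk has passed it does not redirect the later `fstat()`.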