[Samba] Great article on Samba symlink fixes at Linux Weekly News !
Ralph Boehme
slow at samba.org
Sun Feb 13 20:00:16 UTC 2022
On 2/13/22 20:00, Patrick Goetz wrote:
> I also don't quite understand the symlink vulnerability.
>
> open("/my/super/important/stuff")
>
> The concern is that this creates a race condition where someone could
>
> cd /my/super
> ln -s /your/nefarious/location ./important
>
> where /your/nefarious/location/ includes a stuff/ directory before the
> read or write is executed? How would this be possible given that
> /my/super/ already includes an important/ directory? Am I completely
> missing how this works?
The race condition in open() has long been addressed in Samba, this was
addressed by a CVE fix in iirc 4.6.
The remaining problem was all the other path-based syscalls we were
still using all over the place to read and write metadata including
xattrs -- which may include more than "just" metadata.
-slow
--
Ralph Boehme, Samba Team https://samba.org/
SerNet Samba Team Lead https://sernet.de/en/team-samba
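
Added example, not part of the original message and not Samba code: a handle-based lookup that resolves a non-empty relative path below a trusted directory fd one component at a time with openat() and O_NOFOLLOW, then reads metadata through the resulting fd instead of re-walking the path. The names open_beneath and demo and the directory layout are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open non-empty rel below rootfd one component at a time; a symlink or ".." fails. */
int open_beneath(int rootfd, const char *rel, int final_flags)
{
    char *copy = strdup(rel), *save = NULL, *comp = NULL, *next;
    int dirfd = dup(rootfd), fd = -1, saved;
    if (copy != NULL && dirfd >= 0) comp = strtok_r(copy, "/", &save);
    while (comp != NULL) {
        next = strtok_r(NULL, "/", &save);
        if (strcmp(comp, "..") == 0) { errno = EACCES; break; }
        int nfd = openat(dirfd, comp, O_NOFOLLOW | O_CLOEXEC |
                         (next ? O_RDONLY | O_DIRECTORY : final_flags));
        if (nfd < 0) break;             /* e.g. ELOOP/ENOTDIR for a symlink */
        if (next == NULL) { fd = nfd; break; }
        close(dirfd);
        dirfd = nfd;
        comp = next;
    }
    saved = errno;
    if (dirfd >= 0) close(dirfd);
    free(copy);
    errno = saved;
    return fd;
}

/* Constructed demo tree (hypothetical names): returns 1 if the lookup works
 * before, and is refused after, "dir" is swapped for a symlink. */
int demo(void)
{
    char base[] = "/tmp/symdemoXXXXXX";
    struct stat st;
    if (mkdtemp(base) == NULL || chdir(base) != 0) return -1;
    mkdir("share", 0700); mkdir("share/dir", 0700); mkdir("outside", 0700);
    close(open("share/dir/file", O_CREAT | O_WRONLY, 0600));
    close(open("outside/file", O_CREAT | O_WRONLY, 0600));
    int root = open("share", O_RDONLY | O_DIRECTORY);
    int fd = open_beneath(root, "dir/file", O_RDONLY);
    int ok = fd >= 0 && fstat(fd, &st) == 0 && S_ISREG(st.st_mode); /* fd-based metadata read */
    if (rename("share/dir", "share/dir.old") || symlink("../outside", "share/dir")) return -1;
    return ok && open_beneath(root, "dir/file", O_RDONLY) == -1;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

For extended attributes the fd-based counterpart is fgetxattr()/fsetxattr() on the descriptor returned by open_beneath, in place of the path-based getxattr()/setxattr().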