[Samba] Great article on Samba symlink fixes at Linux Weekly News !

Ralph Boehme slow at samba.org
Sun Feb 13 20:00:16 UTC 2022

On 2/13/22 20:00, Patrick Goetz wrote:
> I also don't quite understand the symlink vulnerability.
>    open("/my/super/important/stuff")
> The concern is that this creates a race condition where someone could
>    cd /my/super
>    ln -s /your/nefarious/location ./important
> where /your/nefarious/location/ includes a stuff/ directory before the 
> read or write is executed? How would this be possible given that 
> /my/super/ already includes an important/ directory?  Am I completely 
> missing how this works?

the race condition in open() has long been addressed in Samba, this was 
addressed by a CVE fix in iirc 4.6.

The remaining problem was all the other path based syscalls we were 
still uisng all over the place to read and write metadata including 
xattrs -- which may include more then "just" metadata.


Ralph Boehme, Samba Team                 https://samba.org/
SerNet Samba Team Lead      https://sernet.de/en/team-samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20220213/5f41c860/OpenPGP_signature.sig>

More information about the samba mailing list