
List:       samba-technical
Subject:    Re: Claimed Zero Day exploit in Samba.
From:       Jeremy Allison <jra () samba ! org>
Date:       2010-02-05 21:55:36
Message-ID: 20100205215536.GL4353 () samba1

On Fri, Feb 05, 2010 at 10:52:01PM +0100, Thomas Bork wrote:
> Jeremy Allison wrote:
>
>> The problem occurs as Samba allows clients using the UNIX
>> extensions (which are also turned on by default) to create
>> symlinks on remotely mounted shares on which they have write
>> access that point to any path on the file system.
>
> But this is not possible, if 'unix extensions = no' is set on the server  
> side, isn't it?

Correct.

> I think it is a nice feature to symlink to areas outside a share,  
> because I don't have to double the data.
>
> If
>
> 'wide links = yes'
>
> and
>
> 'unix extensions = no'
>
> is set on the server side, this cannot be exploited, correct?

Correct.

I'm making a code change that will disallow "wide links = yes"
to be set on a share if "unix extensions = yes". That should
address any root cause.

Jeremy.
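
The combination discussed in this thread, as an added example that is not part of the original message and not Samba's own code: a small Python audit that lists the shares in an smb.conf whose effective setting is "wide links = yes" while "unix extensions = yes". The function names, the constructed sample configuration and the `wide_links_default` argument are assumptions; "unix extensions" is treated as on when unset, as the quoted message states.

```python
import re

TRUE_WORDS = {"yes", "true", "on", "1"}

# Constructed sample smb.conf for illustration only.
SAMPLE = """
[global]
    unix extensions = yes
    wide links = no
[public]
    path = /srv/public
    Wide Links = Yes
[media]
    path = /srv/media
[archive]
    path = /srv/archive
    wide links = no
"""

def _norm(name):
    # smb.conf parameter names ignore case and embedded whitespace.
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Minimal parser: sections and key = value lines (no includes or continuations)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][_norm(key)] = value.strip().lower()
    return sections

def risky_shares(text, wide_links_default):
    """Return shares where wide links is effectively on while unix extensions is on.
    wide_links_default: assumption supplied by the caller for the Samba build audited."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    if glob.get("unixextensions", "yes") not in TRUE_WORDS:
        return []  # the configuration confirmed as not exploitable in the thread
    share_default = glob.get("widelinks", wide_links_default)
    return sorted(name for name, params in conf.items()
                  if name != "global"
                  and params.get("widelinks", share_default) in TRUE_WORDS)

if __name__ == "__main__":
    print(risky_shares(SAMPLE, wide_links_default="no"))
```

Any share it reports can be cleared by setting either 'unix extensions = no' in [global] or 'wide links = no' on that share.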