
List:       samba-technical
Subject:    Re: Claimed Zero Day exploit in Samba.
From:       David Collier-Brown <davec-b () rogers ! com>
Date:       2010-02-06 20:58:28
Message-ID: 4B6DD7F4.1080507 () rogers ! com

Michael Gilbert wrote:
> On Sat, 6 Feb 2010 14:24:55 -0500 Michael Gilbert wrote:
>
>   
>> On Sat, 06 Feb 2010 14:12:38 -0500 simo wrote:
>>     
>>>> It would be feature-complete for users and administrators to control whether a 
>>>> remote user is trying to link outside his share because a user might want to 
>>>> link a directory in his own share, and an administrator might want to link a 
>>>> directory for users inside their shares.
>>>>         
>>> Unfortunately it is not possible to have your cake and eat it too. If
>>> you want unix extensions and you do not want to severely limit what can
>>> be done with it, then you must allow to create any symbolic link.
>>>       
>> Like I said before and concurred by Jeremy, the ideal (but potentially
>> very complex) solution is to detect when remote users attempt to jump to
>> a target outside of their authorized shares and prevent that.
>>     
>
> I've got a sinking feeling that symlinks are not the only way to
> achieve this goal.  I guess we'll see whether we get a new disclosure
> on that sometime soon.
>
> mike
>   

Hard links created by people with shell accounts will
1) appear to be inside the user's share
2) refer to something that is elsewhere

$ ln /etc/passwd
$  ls -l ./passwd
-rw-r--r-- 2 root root 1759 2009-11-13 10:16 ./passwd
$ head -2 ./passwd
root:!!:0:0:root:/root:/bin/bash
bin:*:1:1:bin:/bin:/sbin/nologin
$

In general, the impedance mismatch here is both considerable and
hard to fix, as the concept of "outside your share" means "somewhere
else" in the Unix world: it isn't a concept that exists outside of a jail...

--dave




-- 
David Collier-Brown,         | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
davecb@spamcop.net           |                      -- Mark Twain
(416) 223-8968
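The point David makes above is that a hard link looks exactly like a local file from inside the share, so no path-based check can catch it; the only things an administrator can do from the share side are notice the link count and the owner. The following audit script is an added example, not code from this thread or from Samba: it walks a share root, flags symlinks whose resolved target lies outside the root, and flags regular files with more than one link (optionally comparing their owner to the expected share owner). `build_demo` constructs a throwaway fixture in a temp directory, with a local `passwd` file standing in for `/etc/passwd`, so the script runs without touching real system files.

```python
import os
import stat
import tempfile
from pathlib import Path


def audit_share(share_root, expected_uid=None):
    """Report entries that look 'inside' the share but reach data elsewhere.

    Returns a list of (path relative to share_root, reason) tuples.
    Symlinks are resolved and checked for containment; hard links cannot be
    traced by path, so they are reported on link count (and owner mismatch,
    when expected_uid is given) for a human to review.
    """
    root = Path(share_root).resolve()
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow dir symlinks
        for name in dirnames + filenames:
            p = Path(dirpath) / name
            st = p.lstat()  # lstat: inspect the link itself, not its target
            rel = str(p.relative_to(root))
            if stat.S_ISLNK(st.st_mode):
                try:
                    target = p.resolve(strict=True)
                except OSError:
                    findings.append((rel, "dangling symlink"))
                    continue
                if target != root and root not in target.parents:
                    findings.append((rel, f"symlink escapes share -> {target}"))
            elif stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                reason = f"hard link (nlink={st.st_nlink})"
                if expected_uid is not None and st.st_uid != expected_uid:
                    reason += f", owned by uid {st.st_uid} not {expected_uid}"
                findings.append((rel, reason))
    return findings


def build_demo():
    """Constructed fixture reproducing the 'ln /etc/passwd' case inside a share.

    Returns (share_dir, findings). Nothing outside a fresh temp dir is touched.
    """
    base = Path(tempfile.mkdtemp())
    outside = base / "passwd"  # stand-in for /etc/passwd, outside the share
    outside.write_text("root:!!:0:0:root:/root:/bin/bash\n")
    share = base / "share"
    share.mkdir()
    (share / "notes.txt").write_text("ordinary file inside the share\n")
    os.link(outside, share / "passwd")          # hard link: looks local, same inode
    os.symlink("../passwd", share / "escape")   # symlink: resolves outside the root
    return share, audit_share(share)


if __name__ == "__main__":
    share, findings = build_demo()
    for rel, reason in findings:
        print(f"{share / rel}: {reason}")
```

Running it against a real share root (for example `audit_share("/srv/samba/users/alice", expected_uid=1000)`, a hypothetical path) lists the symlink escapes outright; the hard-link lines still need a person to decide whether a second link to that inode is legitimate, which is exactly the gap the message describes.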
