Bug 82041
| Summary: | ignores wide links, serving files which shouldn't be served | | |
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Chris Ricker <chris.ricker> |
| Component: | samba | Assignee: | Jay Fenlason <fenlason> |
| Status: | CLOSED ERRATA | QA Contact: | David Lawrence <dkl> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 8.0 | CC: | dkelson, jfeeney, kmaraas |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2003-04-08 07:00:50 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Description
Chris Ricker
2003-01-16 18:05:35 UTC
This only occurs on symlinks to files, rather than symlinks to directories. I get the same behavior with samba-2.2.7a on an OpenBSD-2.1 system, so this is either a generic Samba bug or an undocumented feature. I've opened a bug report upstream, so we'll see what they say.

Note that this does not allow reading of files that the user cannot usually read: a symlink to /etc/shadow correctly returns "Access Denied" when a Windows client attempts to read it. Also note that any user that can create a symlink to /etc/passwd can also do "cp /etc/passwd resume.txt", so the actual security enhancement in blocking symlinks to files is minimal.

This is fixed in samba-2.2.8pre1 and later. I'll probably make errata after 2.2.8 is released.

These were included in the current errata, right? Close this then?

An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2003-137.html
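
Added example (not part of the bug report and not Samba's code): a Python audit that lists symlinks inside an exported share which resolve outside the share root, covering both the symlink-to-file case reported here and the symlink-to-directory case. The names `find_wide_links` and `demo` and the sample tree are constructed for illustration.

```python
import os
import tempfile


def find_wide_links(share_root):
    """Return sorted (link, resolved_target, kind) for symlinks escaping share_root."""
    root = os.path.realpath(share_root)
    escapes = []
    # os.walk does not descend into directory symlinks by default, so the
    # audit itself never traverses anything outside the share.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)  # follows chains of links
            # commonpath compares whole components, so a sibling such as
            # "/srv/share2" is not mistaken for being inside "/srv/share".
            if os.path.commonpath([root, target]) == root:
                continue
            if os.path.isdir(target):
                kind = "directory"
            elif os.path.exists(target):
                kind = "file"
            else:
                kind = "dangling"
            escapes.append((os.path.relpath(path, root), target, kind))
    return sorted(escapes)


def demo():
    """Build a constructed share tree and return (link, kind) for each escape."""
    with tempfile.TemporaryDirectory() as tmp:
        share = os.path.join(tmp, "share")
        outside = os.path.join(tmp, "outside")
        os.makedirs(os.path.join(share, "docs"))
        os.makedirs(outside)
        inner = os.path.join(share, "docs", "readme.txt")
        outer = os.path.join(outside, "passwd-copy")
        for sample in (inner, outer):
            with open(sample, "w") as fh:
                fh.write("constructed sample\n")
        os.symlink(outer, os.path.join(share, "resume.txt"))   # file link, escapes
        os.symlink(outside, os.path.join(share, "elsewhere"))  # directory link, escapes
        os.symlink(inner, os.path.join(share, "readme"))       # stays inside the share
        return [(link, kind) for link, _target, kind in find_wide_links(share)]


if __name__ == "__main__":
    for link, kind in demo():
        print(f"{link}: escapes share, target is a {kind}")
```
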