Ralph Boehme
2022-Feb-13 18:36 UTC
[Samba] Great article on Samba symlink fixes at Linux Weekly News !
On 2/13/22 17:55, Patrick Goetz via samba wrote:
> OK, so my question is if all the internal functions have been switched
> to use file handles rather than paths, how is it possible to re-enable
> SMB1?

just

   handle = open(path)

and from then on use the handle. Of course the problem is doing the
"open" symlink race safe, so in real Samba code we don't use open(2)
directly, but the complex Samba function non_widelink_open().

-slow

-- 
Ralph Boehme, Samba Team                 https://samba.org/
SerNet Samba Team Lead      https://sernet.de/en/team-samba
Patrick Goetz
2022-Feb-13 19:00 UTC
[Samba] Great article on Samba symlink fixes at Linux Weekly News !
I also don't quite understand the symlink vulnerability.

   open("/my/super/important/stuff")

The concern is that this creates a race condition where someone could

   cd /my/super
   ln -s /your/nefarious/location ./important

where /your/nefarious/location/ includes a stuff/ directory before the
read or write is executed? How would this be possible given that
/my/super/ already includes an important/ directory? Am I completely
missing how this works?

On 2/13/22 12:36, Ralph Boehme wrote:
> On 2/13/22 17:55, Patrick Goetz via samba wrote:
>> OK, so my question is if all the internal functions have been switched
>> to use file handles rather than paths, how is it possible to re-enable
>> SMB1?
>
> just
>
>    handle = open(path)
>
> and from then on use the handle. Of course the problem is doing the
> "open" symlink race safe, so in real Samba code we don't use open(2)
> directly, but the complex Samba function non_widelink_open().
>
> -slow
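
The race discussed in this thread and the handle-based answer, as an added C example that is not part of either message and is not Samba's non_widelink_open(). The names open_beneath() and demo() are hypothetical and the temp-dir layout is constructed; the code walks the path with openat() and O_NOFOLLOW so that a component replaced by a symlink makes the open fail, and it checks that a handle taken before the replacement still refers to the original file.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open relpath below rootfd one component at a time. O_NOFOLLOW makes openat()
 * fail on a symlink component, so a swapped-in link cannot redirect the walk. */
int open_beneath(int rootfd, const char *relpath, int flags) {
    char buf[4096], *save = NULL;
    if (snprintf(buf, sizeof(buf), "%s", relpath) >= (int)sizeof(buf)) { errno = ENAMETOOLONG; return -1; }
    int dirfd = dup(rootfd);
    char *comp = strtok_r(buf, "/", &save);
    while (dirfd >= 0 && comp != NULL) {
        char *next = strtok_r(NULL, "/", &save);
        int f = (next ? (O_RDONLY | O_DIRECTORY) : flags) | O_NOFOLLOW | O_CLOEXEC;
        int fd = strcmp(comp, "..") ? openat(dirfd, comp, f) : (errno = EACCES, -1);
        int err = errno;                 /* ".." is refused outright */
        close(dirfd);
        errno = err;
        if (next == NULL || fd < 0) return fd;
        dirfd = fd; comp = next;
    }
    return dirfd;   /* empty relpath: a fresh handle on the root itself */
}

/* Constructed demo in a temp dir. Returns 1 when plain open() followed the link,
 * open_beneath() refused it, and the earlier handle still names the original file. */
int demo(void) {
    char tmp[] = "/tmp/symrace-XXXXXX";
    struct stat a, b;
    if (mkdtemp(tmp) == NULL || chdir(tmp) != 0) return -1;
    mkdir("share", 0700); mkdir("share/important", 0700); mkdir("elsewhere", 0700);
    close(open("share/important/stuff", O_CREAT | O_WRONLY, 0600));
    close(open("elsewhere/stuff", O_CREAT | O_WRONLY, 0600));
    int rootfd = open("share", O_RDONLY | O_DIRECTORY);
    int held = open_beneath(rootfd, "important/stuff", O_RDONLY);
    if (rename("share/important", "share/important.orig") != 0 ||   /* component replaced */
        symlink("../elsewhere", "share/important") != 0) return -1; /* by a symlink */
    int plain = open("share/important/stuff", O_RDONLY);   /* follows the link */
    int safe = open_beneath(rootfd, "important/stuff", O_RDONLY);
    if (fstat(held, &a) != 0 || stat("share/important.orig/stuff", &b) != 0) return -1;
    return held >= 0 && plain >= 0 && safe < 0 && a.st_ino == b.st_ino;
}

int main(void) { printf("demo: %d\n", demo()); return 0; }
```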