On Wed, May 12, 2004 at 04:34:30PM -0400, Rohit Kumar Mehta
wrote:> Hi guys, I know Jon Newbigin made a post about this quite a while back
>
> http://lists.samba.org/archive/samba-technical/2002-December/026141.html
>
> and there was some discussion of a security risk.
>
> We are using the patch in Samba 2.2.9 in order make a link from smbfs
> mounted
> /home/user/.gnome -> /tmp/username/.gnome (or somesuch gnomism)
>
> Does anyone know the status of this in Samba 3? I could not find a
> working patch,
> so I have disabled the ensure_link_is_safe function in smbd/trans2.c
> manually,
> by inserting a return 0 before some logic. Since I am not very familiar
> with the
> code, I am not comfortable with this in our production environment.
> This seems to
> enable us to do what we want for the time being. (migrate from Win2K DC
> / Samba 2.2.9
> exported home directories to Win2K3 ADS / Samba 3.0.4 exported home
> directories)
>
> I would grateful for any advice or information on this matter.
Funny how these things go :-). I'm currently working on this exact
issue in the Samba 3.0.x codebase - UNIX symlinks will be much
better supported in the 3.0.5 release.
Jeremy.