On 19/01/2021 17:37, Jeremy Allison via samba wrote:> On Tue, Jan 19, 2021 at 04:05:47PM +0100, Giuseppe Lo Presti via samba > wrote: >> >> Thanks a lot Ralph, >> >> To be honest I did not wait for the 40 resolutions to be exceeded, as >> currently [*] implemented by the kernel, and thought that some loop >> detection would get triggered earlier (similarly to how e.g. `find >> -L` is implemented). Indeed I confirm that a Windows client looking >> to the properties of a shared folder with only one symlink to '.' >> does see exactly 40 folders, so it's all consistent. >> >> At the same time, I acknowledge we must keep a loop protection in our >> filesystem, because in the general case it does take too much time to >> reach 40 path resolutions when a real folder structure is involved, >> and a DoS is already happening. >> >> Cheers, >> Giuseppe >> >> >> P.S.: out of curiosity, why did you say "I hate to say, symlinks are >> fully supported"? :-) > > Symlinks are a blight on a perfectly well designed filesystem. Once > the VFS work is finished, expect an epic rant (talk :-) I'm planning > to give :-). Not often I'll say this, but Microsoft got it right > in Windows on this point. >Which is why I never understood why the default for 'follow symlinks' is 'yes'. I also cannot understand why 'allow insecure wide links' was created, probably someone asked for it, but they should have been told no. Rowland
On Tue, Jan 19, 2021 at 05:49:04PM +0000, Rowland penny via samba wrote:>On 19/01/2021 17:37, Jeremy Allison via samba wrote: >> >>Symlinks are a blight on a perfectly well designed filesystem. Once >>the VFS work is finished, expect an epic rant (talk :-) I'm planning >>to give :-). Not often I'll say this, but Microsoft got it right >>in Windows on this point. >> >Which is why I never understood why the default for 'follow symlinks' >is 'yes'. I also cannot understand why 'allow insecure wide links' was >created, probably someone asked for it, but they should have been told >no.History Rowland, ancient history. Once such things are in and supported it's really hard to remove them again.
On Tue, Jan 19, 2021 at 12:49 PM Rowland penny via samba <samba at lists.samba.org> wrote:> > On 19/01/2021 17:37, Jeremy Allison via samba wrote: > > On Tue, Jan 19, 2021 at 04:05:47PM +0100, Giuseppe Lo Presti via samba > > wrote: > >> > >> Thanks a lot Ralph, > >> > >> To be honest I did not wait for the 40 resolutions to be exceeded, as > >> currently [*] implemented by the kernel, and thought that some loop > >> detection would get triggered earlier (similarly to how e.g. `find > >> -L` is implemented). Indeed I confirm that a Windows client looking > >> to the properties of a shared folder with only one symlink to '.' > >> does see exactly 40 folders, so it's all consistent. > >> > >> At the same time, I acknowledge we must keep a loop protection in our > >> filesystem, because in the general case it does take too much time to > >> reach 40 path resolutions when a real folder structure is involved, > >> and a DoS is already happening. > >> > >> Cheers, > >> Giuseppe > >> > >> > >> P.S.: out of curiosity, why did you say "I hate to say, symlinks are > >> fully supported"? :-) > > > > Symlinks are a blight on a perfectly well designed filesystem. Once > > the VFS work is finished, expect an epic rant (talk :-) I'm planning > > to give :-). Not often I'll say this, but Microsoft got it right > > in Windows on this point. > > > Which is why I never understood why the default for 'follow symlinks' is > 'yes'. I also cannot understand why 'allow insecure wide links' was > created, probably someone asked for it, but they should have been told no. > > RowlandThey're much too often used to simply discard outright, especially for re-arranging mounted filesystems or shard content. Even popular software repository tools like the centos repositories use them extensively, linking centos/8 to centos/8.0, centos/8.1, centos/8.2, one after the other. Denying this feature to, for example, CIFS based access to a software repositpory is simply breaking things that have worked since well since Samba was first published.