Displaying 3 results from an estimated 3 matches for "wffect".
Did you mean:
effect
2018 Feb 28
2
Wide links and insecure wide links
...inary" "wide links = yes", means Samba
*will* traverse an existing symlink that points outside the root of the
share, if permissions allow. However because it *also* disables SMB1 Unix
extensions, it *also* prevents the user from creating or modifying symlinks
on the share, so in wffect it inherently prevents this being exploited
unless an insecure symlink already exists or is created by some *other*
route. And thus, that enabling "insecure" wide links simply removes that
safeguard.
If that's right, my clarification questions are
1) does this mean that configs...
2018 Feb 28
0
Wide links and insecure wide links
...t;wide links = yes", means Samba
> *will* traverse an existing symlink that points outside the root of the
> share, if permissions allow. However because it *also* disables SMB1 Unix
> extensions, it *also* prevents the user from creating or modifying symlinks
> on the share, so in wffect it inherently prevents this being exploited
> unless an insecure symlink already exists or is created by some *other*
> route. And thus, that enabling "insecure" wide links simply removes that
> safeguard.
Yes.
> If that's right, my clarification questions are
>
>...
2018 Feb 28
2
Wide links and insecure wide links
Thanks - that much I (pretty much) got.
Its really the "wide links" option that isn't well distinguished/clarified.
*insecure* wide links is much more clear, although the detail you've given
helps a lot.
What exactly is the "ordinary" "wide links = yes" option going to do (with
or without Unix extensions), and how does it compare/how much exposure to