Re: [Samba] Wide links and insecure wide links
- Date: Wed, 28 Feb 2018 10:19:58 -0800
- From: Jeremy Allison via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Wide links and insecure wide links
On Wed, Feb 28, 2018 at 01:39:09PM +0000, Stilez via samba wrote:
> I'd like to understand reasonably fully,, the difference between the two
> options "wide links" and "allow insecure wide links" in smb.conf. The docs
> make them sound very similar but as there are obvious security implications
> for anything to do with symlink scope, it's important to know what each of
> them allows/blocks and where they differ.
Setting "allow insecure wide links" to true allows
clients to create SMB1 UNIX extension symlinks on
the server filesystem that *THE SERVER WILL FOLLOW*.
You can see why this is a problem. The SMB2 UNIX
extensions will eliminate this possibility by
changing client-stored symlinks into a datastore
that the server will never follow. SMB2 UNIX extensions
are currently being coded up as a test branch (not
even experimental yet).
To unsubscribe from this list go to the following URL and read the