Re: [Samba] Wide links and insecure wide links
- Date: Wed, 28 Feb 2018 20:36:14 +0000
- From: Stilez via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Wide links and insecure wide links
So, if I understand correctly, "ordinary" "wide links = yes", means Samba
*will* traverse an existing symlink that points outside the root of the
share, if permissions allow. However because it *also* disables SMB1 Unix
extensions, it *also* prevents the user from creating or modifying symlinks
on the share, so in effect it inherently prevents this being exploited
unless an insecure symlink already exists or is created by some *other*
route. And thus, that enabling "insecure" wide links simply removes that
If that's right, my clarification questions are:
1) does this mean that configs containing "ordinary" wide link = yes might
become a risk, when SMB2 style functionality eventually lands, or will it
presumably be mitigated or remain unchanged from a security perspective at
that time, as far as is known?
2) when you say in your reply, that "ordinary" wide links enabled "means
the server will follow symlinks *on the file system* that point outside
the root of the share definition", do you in fact mean that it is also
barred from crossing a device boundary onto another device (similar to
"ls|rm|find -x", using stat to determine same file system), or something
else (in which case what?)
Thanks for the help!
Last thing - how can this helpful info be added to smb.conf doc/man pages
where it might help others?
On 28 February 2018 19:48:37 Jeremy Allison <jra@xxxxxxxxx> wrote:
On Wed, Feb 28, 2018 at 07:30:45PM +0000, Stilez wrote:
Thanks - that much I (pretty much) got.
It's really the "wide links" option that isn't well distinguished/clarified.
*insecure* wide links is much more clear, although the detail you've given
helps a lot.
What exactly is the "ordinary" "wide links = yes" option going to do (with
or without Unix extensions), and how does it compare/how much exposure to
mischief does it expose?
"ordinary" "wide links = yes" means the
server will follow symlinks on the file
system that point outside the root of the
share definition. If set to off (default),
the server will refuse to follow symlinks
that point outside of the root of the
share definition, but will follow symlinks
that point within the share.
If this is turned on, it disables SMB1
unix extensions (which allow symlinks
to be created by the client) unless
"insecure wide links" is *also* turned
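An added example, not part of the thread and not Samba code: before setting "wide links = yes" on a share, an administrator can list the existing symlinks whose resolved target lies outside the share root, since those are the links the reply above says the server would then follow. The function names and the sample tree are constructed for illustration; the device comparison only reports whether the target sits on another file system (the subject of question 2) and says nothing about how Samba treats that case.

```python
import os
import tempfile


def find_wide_links(share_root):
    """List symlinks under share_root whose resolved target lies outside it.

    Returns sorted (link, target, crosses_device) tuples; crosses_device is
    None when the link is dangling and the target cannot be stat'ed.
    """
    root = os.path.realpath(share_root)
    root_dev = os.stat(root).st_dev
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)  # also resolves chained links
            if os.path.commonpath([root, target]) == root:
                continue  # resolves inside the share
            try:
                crosses = os.stat(target).st_dev != root_dev
            except OSError:
                crosses = None
            findings.append((os.path.relpath(path, root), target, crosses))
    return sorted(findings, key=lambda f: f[0])


def build_sample_share(base):
    """Constructed sample tree: a share with inside and outside links."""
    share = os.path.join(base, "share")
    outside = os.path.join(base, "outside")
    os.makedirs(os.path.join(share, "docs"))
    os.makedirs(outside)
    for p in (os.path.join(share, "docs", "readme.txt"),
              os.path.join(outside, "secret.txt")):
        open(p, "w").close()
    os.symlink("docs/readme.txt", os.path.join(share, "inside_link"))
    os.symlink(outside, os.path.join(share, "escape_abs"))
    os.symlink("../../outside/secret.txt",
               os.path.join(share, "docs", "escape_rel"))
    os.symlink("/nonexistent-constructed/x", os.path.join(share, "dangling"))
    return share


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for link, target, crosses in find_wide_links(build_sample_share(tmp)):
            print(f"{link} -> {target} (other device: {crosses})")
```

Run it against the directory named in the share's `path` setting, as a user who can read the whole tree.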