Package: samba
Version: 2:4.1.17+dfsg-2+deb8u1
Severity: normal

Dear Maintainer,

After the recent security update, shares of the root directory
(path = /) no longer work. The message in the log is

[2016/01/23 14:12:18.354046,  3] ../source3/smbd/vfs.c:1141(check_reduced_name)
  check_reduced_name [etc] [/]
[2016/01/23 14:12:18.354167,  2] ../source3/smbd/vfs.c:1234(check_reduced_name)
  check_reduced_name: Bad access attempt: etc is a symlink outside the share path
  conn_rootdir =/
  resolved_name=/etc
[2016/01/23 14:12:18.354219,  3] ../source3/smbd/filename.c:1404(filename_convert_internal)
  filename_convert_internal: check_name failed for name etc with NT_STATUS_ACCESS_DENIED

My full smb.conf file is:

[global]
        server string = %h server (Samba %v)
        interfaces = br0, br1, 127.0.0.1
        bind interfaces only = Yes
        obey pam restrictions = Yes
        passdb backend = tdbsam
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        load printers = No
        show add printer wizard = No
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        ldap ssl = no
        panic action = /usr/share/samba/panic-action %d
        invalid users = root

[root-readonly]
        path = /
        valid users = drothe
        admin users = drothe
        hosts allow = 10.249.1.102, 10.249.1.104


Setting "wide links = yes" and "allow insecure wide links = yes" has
no effect.

I suspect this is due to patch cve_2015_5252.diff, but I'm not sure
as my attempts to rebuild the package without the package fail.


-- System Information:
Debian Release: 8.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages samba depends on:
ii  adduser                              3.113+nmu3
ii  dpkg                                 1.17.26
ii  libasn1-8-heimdal                    1.6~rc2+dfsg-9
ii  libbsd0                              0.7.0-2
ii  libc6                                2.19-18+deb8u1
ii  libcomerr2                           1.42.12-1.1
ii  libhdb9-heimdal [heimdal-hdb-api-8]  1.6~rc2+dfsg-9
ii  libkdc2-heimdal                      1.6~rc2+dfsg-9
ii  libkrb5-26-heimdal                   1.6~rc2+dfsg-9
ii  libldb1                              2:1.1.17-2+deb8u1
ii  libpam-modules                       1.1.8-3.1
ii  libpam-runtime                       1.1.8-3.1
ii  libpopt0                             1.16-10
ii  libpython2.7                         2.7.9-2
ii  libroken18-heimdal                   1.6~rc2+dfsg-9
ii  libtalloc2                           2.1.1-2
ii  libtdb1                              1.3.1-1
ii  libtevent0                           0.9.21-1
ii  lsb-base                             4.1+Debian13+nmu1
ii  multiarch-support                    2.19-18+deb8u1
ii  procps                               2:3.3.9-9
ii  python                               2.7.9-1
ii  python-dnspython                     1.12.0-1
ii  python-ntdb                          1.0-5
ii  python-samba                         2:4.1.17+dfsg-2+deb8u1
pn  python2.7:any                        <none>
ii  samba-common                         2:4.1.17+dfsg-2+deb8u1
ii  samba-common-bin                     2:4.1.17+dfsg-2+deb8u1
ii  samba-dsdb-modules                   2:4.1.17+dfsg-2+deb8u1
ii  samba-libs                           2:4.1.17+dfsg-2+deb8u1
ii  tdb-tools                            1.3.1-1
ii  update-inetd                         4.43

Versions of packages samba recommends:
ii  attr               1:2.4.47-2
ii  logrotate          3.8.7-1+b1
ii  samba-vfs-modules  2:4.1.17+dfsg-2+deb8u1

Versions of packages samba suggests:
pn  bind9          <none>
pn  bind9utils     <none>
pn  ctdb           <none>
pn  ldb-tools      <none>
ii  ntp            1:4.2.6.p5+dfsg-7+deb8u1
pn  smbldap-tools  <none>
pn  winbind        <none>

-- debconf information:
  samba/run_mode: daemons
  samba/generate_smbpasswd: true
  samba-common/title:

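Added example, not part of the original report and not Samba's code: the log above shows conn_rootdir "/" and resolved_name "/etc" being rejected as outside the share. One containment check that behaves this way (an assumption, not confirmed on the page) tests the byte that follows the root prefix; the function names and sample paths below are hypothetical, and both paths are assumed to be canonical absolute paths.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical naive check: the resolved path must start with the share
 * root, and the byte right after that prefix must be '/' or end of string.
 * With rootdir "/" the byte after the prefix of "/etc" is 'e', so every
 * path below the root is rejected. */
static bool inside_share_naive(const char *rootdir, const char *resolved)
{
    size_t len = strlen(rootdir);

    if (strncmp(rootdir, resolved, len) != 0)
        return false;
    return resolved[len] == '/' || resolved[len] == '\0';
}

/* Hypothetical corrected check: trailing slashes are stripped from the
 * root first, so "/" becomes an empty prefix and the boundary byte is the
 * leading '/' of the resolved path. Sibling directories that merely share
 * a name prefix ("/srv/share2") are still rejected. */
static bool inside_share(const char *rootdir, const char *resolved)
{
    size_t len = strlen(rootdir);

    if (len == 0 || rootdir[0] != '/' || resolved[0] != '/')
        return false;               /* only absolute paths are accepted */
    while (len > 0 && rootdir[len - 1] == '/')
        len--;
    if (strncmp(rootdir, resolved, len) != 0)
        return false;
    return resolved[len] == '/' || resolved[len] == '\0';
}

int main(void)
{
    /* Constructed sample pairs: share root, resolved target path. */
    const char *cases[][2] = {
        { "/", "/etc" },                    /* the case from the log */
        { "/srv/share", "/srv/share/doc" },
        { "/srv/share", "/srv/share2/doc" },
        { "/srv/share", "/etc" },
    };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("root=%-11s target=%-16s naive=%d corrected=%d\n",
               cases[i][0], cases[i][1],
               inside_share_naive(cases[i][0], cases[i][1]),
               inside_share(cases[i][0], cases[i][1]));
    return 0;
}
```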