On Wed, Mar 03, 2010 at 11:25:03AM -0800, Jeremy Allison wrote: > On Wed, Mar 03, 2010 at 01:58:58PM -0500, Brother Railgun of Reason wrote: > > > This can be interpreted either of two ways. Do you mean that you think > > users should not be able to *enable* following wide symlinks (which I > > understand to mean symbolic links whose target is located outside the > > share), or should not be able to *disable* it? > > Users should not be able to enable following wide symlinks > if "unix extensions = yes" (which means that symlinks can > be dynamically created by clients). > > That's the basis of the security problem. > > If you want to allow both following wide symlinks > and arbitrary client creation of symlinks then > you need to change the code and recompile, as > the combination is inherently unsafe.
Ahhh. That makes sense. I didn't know there was a capability for Windows clients to be able to create Unix symlinks on a Samba share. -- Phil Stracchino, CDK#2 DoD#299792458 ICBM: 43.5607, -71.355 [email protected] [email protected] [email protected] Renaissance Man, Unix ronin, Perl hacker, Free Stater It's not the years, it's the mileage. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
